Universal Messaging 10.11 | Concepts | Security | Authentication | Client-Side Authentication
 
Client-Side Authentication
 
Enabling Reverse Hostname Resolution for localhost
If the pre-existing session connection methods with no username and password parameters are used, the client will continue to use unauthenticated sessions, if the Universal Messaging server is configured to allow that. In this case, the user identity defaults to the username under which the client process is running, as specified in the Java user.name system property for Java clients.
You can use the following system properties to configure client-side authentication:
*Nirvana.sasl.client.mech - specifies which SASL mechanism to use. Valid values are PLAIN, CRAM-MD5, and DIGEST-MD5.
If you do not set this property, the mechanism defaults to PLAIN. PLAIN transmits the user password in plain text, so it is recommended to use it only over an SSL connection. CRAM-MD5 and DIGEST-MD5 do not transmit the password in plain text and are more appropriate for general connections.
*Nirvana.sasl.client.enablePrehash - specifies whether to pre-hash the supplied password when using the CRAM-MD5 or DIGEST-MD5 mechanisms. Valid values are true or false.
You should set this property to true only when the server is using the fSAGInternalUserRepositoryAdapter to store client credentials, otherwise CRAM-MD5 and DIGEST-MD5 authentication will fail. If you do not set Nirvana.sasl.client.enablePrehash, the property defaults to false and pre-hashing is not enabled.
Note:
Basic authentication, supplying a username and password, is supported only for Java and .NET clients.