23.3.2 To Transition Users

You can use configutil to specify information about transitioning users. An example would be if a user password changes or if a client attempts to authenticate with a mechanism for which they do not have a proper entry.

configutil -o sasl.default.auto_transition -v value

For value, you can specify one of the following:

• no or 0 - Don’t transition passwords. This is the default.

• yes or 1 - Do transition passwords.

To successfully transition users, you must set up ACIs in the Directory Server that allow Messaging Server write access to the user password attribute. To do this, perform the following steps:

To Transition Users

. If you are using a Directory Server prior to version 6 the following instructions apply. For version 6 or later, refer to the latest Directory Server documentation (Sun Java System Directory Server Enterprise Edition 6.0 Administration Guide):

1. In Console, open the Directory Server you want to configure.

2. Click the Directory tab.

3. Select the base suffix for the user/group tree.

4. From the Object menu, select Access Permissions.

5. Select (double click) the ACI for “Messaging Server End User Administrator Write Access Rights”.

6. Click ACI Attributes.

7. Add the userpassword attribute to the list of existing attributes.

8. Click OK.

   sasl.default.mech_list can be used to enable a list of SASL mechanisms. If non-empty, this overrides the sasl.default.ldap.has_plain_passwords option as well as the service.imap.allowanonymouslogin option. This option applies to all protocols (imap, pop, smtp).