Encrypted password file authentication

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Encrypted password file authentication

Encrypted password file authentication is ideal for large scale deployments where there is not an existing Active Directory deployment, and there will potentially be too many accounts to manage easily from a single local computer.

Use encrypted password file authentication if:

  • You are not using Active Directory.

    -Or-

  • You do not want to create users on the local computer.

With encrypted password file authentication, you can use an identical user name across different domains, but you cannot assign the same user name to multiple mailboxes within a domain. For example, you cannot have two mailboxes named someone@example.com, but you can have someone@example.com and someone@northwindtraders.com.

Encrypted Password file authentication creates an encrypted file with the user's password, which is then stored in the user's mailbox directory on the server. During authentication, the password the user supplies is encrypted and compared to the encrypted file stored on the server. If the encrypted password matches the encrypted password stored on the server, the user is authenticated.

Migrating encrypted password file user accounts to Active Directory user accounts

You can migrate user accounts created under encrypted password file authentication to Active Directory user accounts using the winpop.exe command-line tool. For more information, see Migrate an encrypted password file user account to an Active Directory user account.

E-mail client authentication

Encrypted Password file authentication supports both plaintext and Authenticated POP (APOP) e-mail client authentication. Plaintext transmits the user's credentials in an unsecured, unencrypted format. Therefore, the use of plaintext authentication is not recommended.

Because APOP e-mail client authentication requires e-mail clients to transmit both the user name and password using secure authentication, it is recommended over plaintext authentication. For more information, see Configure the mail server to require Secure Password Authentication.