System Authentication

One of the ways the Server can control who has access, is by checking the username and password against the operating system's login database.  This allows clients to use the same credentials as they would for a console or remote login, and applies whatever privileges and restrictions are assigned by the operating system.

System Authentication is activated by placing the "-S" option on the command line, or by setting the configuration variable SysAuth to 1.  It is also enabled by default if the servedat process is run with logon privileges and does not have an AuthFile specified.

On Mac OS X and darwin, the PAM system is used.  On other unix systems, the system password file and/or NIS will be used.  On Windows systems, the local LogonUser database is used.

When the server is running with sufficient privileges, System Users are granted the user id, group id, and secondary group ids of their login.  If the server is not running as a privileged process, System Authentication will not be available on most systems.

System authenticated users will normally be allowed full access to all available filesystems by using absolute pathnames (paths starting with a '/' or in Windows with a volume label such as "C:").  You can override this access server-wide with the configuration variable RestrictHome, or per-user using the AuthFile RestrictHome option.