The DIGEST-MD5 SASL mechanism is used to perform all processing related to SASL DIGEST-MD5 authentication. The DIGEST-MD5 SASL mechanism is very similar to the CRAM-MD5 mechanism in that it allows for password-based authentication without exposing the password in the clear (although it does require that both the client and the server have access to the clear-text password). Like the CRAM-MD5 mechanism, it uses data that is randomly generated by the server to make it resistant to replay attacks, but it also includes randomly-generated data from the client, which makes it also resistant to problems resulting from weak server-side random number generation. ds-cfg-digest-md5-sasl-mechanism-handler ds-cfg-sasl-mechanism-handler org.opends.server.extensions.DigestMD5SASLMechanismHandler Specifies the realms that is to be used by the server for DIGEST-MD5 authentication. If this value is not provided, then the server defaults to use the fully qualified hostname of the machine. If this value is not provided, then the server defaults to use the fully qualified hostname of the machine. .* STRING Any realm string that does not contain a comma. ds-cfg-realm The name of a property that specifies the quality of protection the server will support. none QOP equals authentication only. Quality of protection equals authentication with integrity protection. Quality of protection equals authentication with integrity and confidentiality protection. ds-cfg-quality-of-protection Specifies the name of the identity mapper that is to be used with this SASL mechanism handler to match the authentication or authorization ID included in the SASL bind request to the corresponding user in the directory. The referenced identity mapper must be enabled when the is enabled. ds-cfg-identity-mapper Specifies the DNS-resolvable fully-qualified domain name for the server that is used when validating the digest-uri parameter during the authentication process. If this configuration attribute is present, then the server expects that clients use a digest-uri equal to "ldap/" followed by the value of this attribute. For example, if the attribute has a value of "directory.example.com", then the server expects clients to use a digest-uri of "ldap/directory.example.com". If no value is provided, then the server does not attempt to validate the digest-uri provided by the client and accepts any value. The server attempts to determine the fully-qualified domain name dynamically. .* STRING The fully-qualified address that is expected for clients to use when connecting to the server and authenticating via DIGEST-MD5. ds-cfg-server-fqdn