A.1 Authentication and Encryption

The iFolder client talks to the iFolder server over HTTP port 80, which is a clear-text, unencrypted port. Data requests exchanged between the iFolder client and the iFolder server are never encrypted; however, the username and password are always encrypted. Novell iFolder encrypts the user data over the connection, and while the file is stored on the iFolder server, only if the user selects the encryption option when the account is initialized or if the iFolder administrator enforces the encryption option from the iFolder Management Console.

iFolder uses RSA encryption to encrypt the username and password and Blowfish encryption to encrypt the user data when it travels between the iFolder client and server. If data encryption is enabled, the data is actually encrypted as it travels across the wire to the iFolder server and is stored in its encrypted state on the iFolder server. However, the data is never stored encrypted on the local workstation.

When a user logs in, the iFolder client authenticates to the iFolder server by sending the encrypted username and password to the iFolder server. The iFolder server uses the user ID and password to perform an LDAP bind to an LDAP server. After the LDAP bind succeeds, LDAP verifies that the user is connected to the correct iFolder server; if the user is assigned to a different server, the request is directed to that server. iFolder uses the LDAP server to store its configuration settings and to record which iFolder server each user is assigned to; this is how iFolder handles redirection.
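The login flow above, modelled as an added example that is not iFolder's own code: credentials travel in an RSA envelope, file data travels and is stored in Blowfish only when the encryption option is on, and the server binds against a directory and redirects users assigned elsewhere. RSA-OAEP, Blowfish-CBC, the `DIRECTORY` dict standing in for LDAP, the key values and the message layout are all assumptions of this example.

```python
"""Constructed model of the iFolder login/data flow (not Novell's code)."""
import os
from cryptography.hazmat.primitives import hashes, padding
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives.asymmetric.padding import OAEP, MGF1
from cryptography.hazmat.primitives.ciphers import Cipher, modes
try:  # Blowfish lives in the 'decrepit' package in newer cryptography releases
    from cryptography.hazmat.decrepit.ciphers.algorithms import Blowfish
except ImportError:
    from cryptography.hazmat.primitives.ciphers.algorithms import Blowfish

# Constructed stand-in for the LDAP directory: user -> (password, assigned server)
DIRECTORY = {"alice": ("s3cret", "ifolder1.example.com")}
# Server key pair used for the credential envelope (assumption: RSA-OAEP)
SERVER_KEY = rsa.generate_private_key(public_exponent=65537, key_size=2048)
OAEP_PAD = OAEP(mgf=MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)


def client_login_message(user, password, data, data_key=None):
    """Credentials are always RSA-encrypted; file data only if a key is set.
    Note that 'data' stays in plaintext on the client side in every case."""
    creds = SERVER_KEY.public_key().encrypt(f"{user}:{password}".encode(), OAEP_PAD)
    if data_key is None:  # encryption option off: data crosses port 80 as clear text
        return {"creds": creds, "data": data, "encrypted": False}
    iv = os.urandom(8)  # Blowfish block size is 64 bits
    padder = padding.PKCS7(64).padder()
    enc = Cipher(Blowfish(data_key), modes.CBC(iv)).encryptor()
    body = enc.update(padder.update(data) + padder.finalize()) + enc.finalize()
    return {"creds": creds, "data": iv + body, "encrypted": True}


def server_handle(msg, this_server):
    """Decrypt the credentials, 'bind' against the directory, redirect if needed."""
    user, password = SERVER_KEY.decrypt(msg["creds"], OAEP_PAD).decode().split(":", 1)
    entry = DIRECTORY.get(user)
    if entry is None or entry[0] != password:
        return {"status": "bind-failed"}
    if entry[1] != this_server:  # user belongs to another iFolder server
        return {"status": "redirect", "server": entry[1]}
    # Stored exactly as received: ciphertext stays ciphertext, clear text stays clear
    return {"status": "ok", "stored": msg["data"], "stored_encrypted": msg["encrypted"]}
```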

When iFolder is installed and the Admin logs in to the iFolder Management Console, the Global Settings LDAP schema is extended and the following LDAP objects are added:

For more information on the attributes associated with these objects, see Logging In to the iFolder Management Console.