The iFolder client talks to the iFolder server over HTTP port 80, which is a cleartext, unencrypted port. The HTTP requests themselves that are transferred between the iFolder client and iFolder server are therefore never encrypted; however, the username and password are always encrypted, and the data is encrypted only if the user selects the encryption option or if you enforce the encryption option from the iFolder Management Console.
iFolder uses RSA encryption to encrypt the username and password and Blowfish encryption to encrypt the user data when it travels between the iFolder client and server. If data encryption is chosen, the data is actually encrypted as it travels across the wire to the iFolder server and is stored in its encrypted state on the iFolder server. However, the data is never stored encrypted on the local workstation.
When a user logs in, the iFolder client authenticates to the iFolder server by sending the encrypted username and password to the iFolder server. The iFolder server uses the user ID and password to perform an LDAP bind to an LDAP server. After the LDAP bind is successful, LDAP verifies that the user is connected to the correct iFolder server. If the user is on a different server, the request is directed to the correct server. iFolder uses eDirectory™ to store its configuration settings and to specify which iFolder server the user is assigned to; this is how iFolder handles redirection.
When iFolder is installed and the Admin logs in to the iFolder Management Console, the Global Settings LDAP schema is extended and the following LDAP objects are added:
The iFolder Server Agent Object is the only iFolder-specific object that cannot be managed through the iFolder Management Console. In fact, you will see it only in ConsoleOne®. This object is used to facilitate communication between the iFolder and LDAP servers. Do not delete this object.
For more information on the attributes associated with these objects, see Logging In to the iFolder Management Console.