Passtoken Options for ESF Manager

Passtoken options for ESF Manager are currently set by editing the text in the Configuration Information area on the "Security" tab in the region configuration in MFDS (or the "Default ES Security" or "MF Directory Server" tabs in the security options in MFDS).

Note: This is not the configuration area in the Security Manager configuration, which is used to set security options for an ESM Module. It is the configuration area on the page where you set the list of security managers to use for a region, default security, or MFDS. Text in this area is organized into sections which begin with a "tag" in square brackets, followed by lines in the form of name=value.

You can restrict the use of passtokens in any Enterprise Server component that uses a particular Security Manager configuration by setting the following in that area:

[Passtoken] 
allow=option

where option is one of none (disable passtokens), generate (allow passtoken generation but not use), signon (allow passtoken use for signon but not generation), both (allow both generation and signon), or yes (synonym for both).

Allowing only generation may be useful for a region that makes ISC requests to another region but does not receive them, and conversely allowing only signon may be useful for a region that receives remote requests but never makes them.