From the SIF Specification (2.0r1):
"The Authentication object allows a system that stores usernames and/or passwords to share them with other applications through SIF. The provider of the Authentication object may only support providing a username or a password, or it may support both."
The Destiny Synchronization process
The Destiny SIF agent attempts to synchronize with the Authentication object provider in the zone by default. If no Authentication object provider exists in the zone, those requests are simply discarded. Upon the completion of the synchronization, the USERNAME and PASSWORD fields in Destiny are updated with the information in the Authentication object. This action is taken for both Students and Staff.
Changing the default behavior
There are a set of property lines that can be used to modify the default use of the Authentication object for Students and Staff (USERNAME and PASSWORD fields). The ability to import the USERNAME and PASSWORD fields can be adjusted by changing the value to "true" or "false". The below property lines result in the ability of ONLY Student USERNAMES to be updated via the Authentication object.
<property name="authentication.StudentPersonal.importusername" value="true"/>
<property name="authentication.StudentPersonal.importpassword" value="false"/>
<property name="authentication.StaffPersonal.importusername" value="false"/>
<property name="authentication.StaffPersonal.importpassword" value="false"/>
Events reported by the Authentication object provider
Events reported by the Authentication object provider are processed by the Destiny agent and the changes are applied to the Destiny database. Events follow the same behavior described above, and are also affected by the use of the property lines.