Standalone CDO servers are configured using the cdo-server.xml configuration file, as explained on the CDO Wiki. A separate wiki page has further information about configuring server-side CDO/Net4j authentication, but it is outdated as of version 3.0, as noted on the page:
[...] Note that in CDO 3.0 we have an additional, superior athentication mechanism per CDOSession (not only on Net4j IConnector level). [...]
Neither new authentication mechanism, nor its usage are explained. How do I configure server-side authentication in CDO 3.0 or above?
The new authentication mechanism introduced in CDO 3.0 is configured using the userManager element in your cdo-server.xml, for example:
<repository name="MyRepo">
<userManager type="file" description="absolute-path-to-users-file"/>
...
</repository>
The above example is using the built-in FileUserManager, which has a factory registered with the type "file". This user manager implementation authenticates users against a list of usernames and passwords stored in a flat file at the location specified in the description attribute. This file should contain the users and their passwords in the following format:
user1:pwd1
user2:pwd2
Some background on implementing you own UserManager and how this configuration mechanism was implemented is available in the Eclipse Bugzilla issue Allow configuration of authentication in cdo-server.xml.