API for Simple Authentication and Security Layer (SASL)
SASL defines a method for adding authentication support to connection-based
protocols. To use this specification, a protocol includes a command
for identifying and authenticating a user to a server and for optionally negotiating
protection of subsequent protocol interactions. If its use is negotiated,
a security layer is inserted between the protocol and the connection.
The unique value of SASL lies in its protocol independence. A handler
for a particular authentication mechanism (CRAM-MD5, Kerberos, GSSAPI, ...)
can potentially be used to authenticate connections over any protocol.
SASL is defined in RFC 2222. RFCs 2245, 2444, and 2831 describe particular
SASL mechanisms, while RFC 2554 describes SASL used with SMTP, and RFC 2829
describes SASL used with LDAP. There are a number of Internet Drafts proposing
additional SASL mechanisms.
- The API must support the implementation of Service Providers conformant
to RFC 2222.
- The API must support the implementation of the following published
- The API should facilitate control of SASL policies on a site-wide
basis; site administrators should be able to configure the preferred and
allowed authentication mechanisms, encryption strengths, and other mechanism
- The API must be defined rigorously enough to allow seamless replacement
of provider implementations.
- The API should provide a means for configuring adequate defaults,
so that clients can be implemented without detailed awareness of the SASL
authentication options and parameters, but allow sophisticated clients to
express detailed requirements.
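
The protocol independence described above, together with the site-preference selection of mechanisms from the requirements list, as an added Python sketch that is not the reference implementation or any part of this API. The class and function names are hypothetical, the SMTP (`334`) and IMAP (`+`) continuation framings are chosen for illustration, and the sample values are the published RFC 2195 CRAM-MD5 test vector.

```python
import base64
import hashlib
import hmac


class CramMd5Client:
    """Mechanism handler (hypothetical name): raw challenge in, raw response out.
    It knows nothing about the protocol that carries the bytes."""
    name = "CRAM-MD5"

    def __init__(self, user, secret):
        self.user, self.secret = user, secret

    def evaluate_challenge(self, challenge: bytes) -> bytes:
        # RFC 2195: response = user SP hex(HMAC-MD5(secret, challenge))
        digest = hmac.new(self.secret.encode(), challenge, hashlib.md5).hexdigest()
        return f"{self.user} {digest}".encode()


def choose_mechanism(site_preferred, server_offered):
    """Site policy: first preferred mechanism the server also offers.
    Anything not in site_preferred is never used, even if offered."""
    offered = {m.upper() for m in server_offered}
    for mech in site_preferred:
        if mech.upper() in offered:
            return mech
    raise ValueError("no mechanism allowed by site policy is offered")


def _respond(handler, b64_challenge: str) -> str:
    raw = base64.b64decode(b64_challenge, validate=True)
    return base64.b64encode(handler.evaluate_challenge(raw)).decode()


# Protocol-specific framing: the only part that differs between protocols.
def smtp_step(handler, server_line: str) -> str:
    code, _, b64 = server_line.partition(" ")
    if code != "334":
        raise ValueError("expected SMTP 334 continuation")
    return _respond(handler, b64)


def imap_step(handler, server_line: str) -> str:
    if not server_line.startswith("+ "):
        raise ValueError("expected IMAP '+' continuation")
    return _respond(handler, server_line[2:])


# Sample input: RFC 2195 test vector (user, shared secret, server challenge).
HANDLER = CramMd5Client("tim", "tanstaaftanstaaf")
B64_CHALLENGE = base64.b64encode(b"<1896.697170952@postoffice.reston.mci.net>").decode()
```

The same `HANDLER` object answers both `smtp_step(HANDLER, "334 " + B64_CHALLENGE)` and `imap_step(HANDLER, "+ " + B64_CHALLENGE)` with an identical response; only the framing functions know which protocol is in use.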
The current version is Maintenance Release 1 Final Release.
Community Source License
Reference Implementation and Technology Compatibility Kit
Subject to licensing terms above, you can download the v1.1 RI and TCK here.
Feedback and Comments
Please send feedback and comments to email@example.com.