Kerberos FAQ, v2.0 (last modified 8/18/2000)
Section - 5.3. What is SASL?

SASL is an acronym; it stands for Simple Authentication and Security Layer.

SASL is a generic protocol framework for doing various sorts of
authentication between clients and servers. In SASL terminology, application
protocols such as POP, IMAP, and SMTP specify a "SASL profile," which
describes how to encapsulate SASL negotiation and SASL messages for that
protocol. Different authentication schemes are called "mechanisms" in the
SASL framework.

How does this relate to Kerberos? One of the supported mechanisms for SASL
is GSSAPI, and since Kerberos is one of the standardized GSSAPI mechanisms,
protocols that use SASL for authentication support Kerberos authentication
via the GSSAPI.

It's important to clarify one thing: while a protocol may support SASL, it's
not required that applications that implement that protocol support all
security mechanisms. In other words, a particular mail reader may support
SASL, but it might not support the GSSAPI mechanism. You need to talk to the
vendor to find out which mechanisms each application supports.

SASL is described by the following RFC:

   * RFC 2222 - <http://www.ietf.org/rfc/rfc2222.txt>

Some examples of SASL profiles for application protocols are:

POP
     RFC 1734 - <http://www.ietf.org/rfc/rfc1734.txt>

IMAP
     RFC 1731 - <http://www.ietf.org/rfc/rfc1731.txt>

SMTP
     RFC 2554 - <http://www.ietf.org/rfc/rfc2554.txt>
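
As an added illustration (not part of the original FAQ or of any SASL library), the sketch below shows how a client can tell whether a given server offers the GSSAPI mechanism under each of the three profiles above. It assumes the usual advertisement formats (the IMAP `AUTH=` capability, the SMTP `AUTH` EHLO keyword, the POP3 `SASL` CAPA tag); the function names, the client mechanism list and the sample responses are constructed for the example.

```python
import re

# Mechanisms a hypothetical client implements, most preferred first.
CLIENT_MECHS = ("GSSAPI", "DIGEST-MD5", "CRAM-MD5")

def offered_mechanisms(protocol, lines):
    """Return the SASL mechanism names advertised in a capability response."""
    if protocol not in ("imap", "smtp", "pop3"):
        raise ValueError("no SASL profile known for " + protocol)
    mechs = set()
    for line in lines:
        words = line.strip().split()
        if protocol == "imap":
            # IMAP CAPABILITY: one "AUTH=<mechanism>" atom per mechanism
            for w in words:
                w = w.strip("[]").upper()
                if w.startswith("AUTH="):
                    mechs.add(w[len("AUTH="):])
        elif protocol == "smtp":
            # SMTP EHLO reply: "250-AUTH <mech> <mech> ..."
            m = re.match(r"250[- ]AUTH[ =](.*)", line.strip(), re.IGNORECASE)
            if m:
                mechs.update(m.group(1).upper().split())
        elif words and words[0].upper() == "SASL":
            # POP3 CAPA reply: "SASL <mech> <mech> ..."
            mechs.update(w.upper() for w in words[1:])
    return mechs

def choose_mechanism(offered, supported=CLIENT_MECHS, required=None):
    """Pick the first mutually supported mechanism; None if there is none."""
    # A Kerberos-only policy sets `required`, so the client fails outright
    # instead of silently settling for a different mechanism.
    if required is not None:
        if required in offered and required in supported:
            return required
        raise LookupError("server does not offer " + required)
    return next((m for m in supported if m in offered), None)

# Constructed sample responses, not captured from real servers.
IMAP_SAMPLE = ["* CAPABILITY IMAP4rev1 AUTH=GSSAPI AUTH=PLAIN",
               "a001 OK CAPABILITY completed"]
SMTP_SAMPLE = ["250-mail.example.org", "250-AUTH DIGEST-MD5 PLAIN", "250 8BITMIME"]
POP3_SAMPLE = ["+OK Capability list follows", "TOP", "SASL PLAIN LOGIN", "."]

if __name__ == "__main__":
    for proto, sample in (("imap", IMAP_SAMPLE), ("smtp", SMTP_SAMPLE),
                          ("pop3", POP3_SAMPLE)):
        offered = offered_mechanisms(proto, sample)
        print(proto, sorted(offered), "->", choose_mechanism(offered))
```

Only the IMAP sample advertises GSSAPI, so only there can the Kerberos path be used; the POP3 sample shares no mechanism with the client at all.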

A number of SASL libraries are available for programmers who don't wish to
write their own SASL code. The most common open-source one is Cyrus SASL.
It's available at:

   * <ftp://ftp.andrew.cmu.edu/pub/cyrus-mail>


Send corrections/additions to the FAQ Maintainer:
Ken Hornstein <kenh@cmf.nrl.navy.mil>





Last Update March 27 2014 @ 02:11 PM