Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000) Previous Document: 5.2. What is GSSAPI? Next Document: 5.4. Is there a reference for the Kerberos API? See reader questions & answers on this topic! - Help others by sharing your knowledge SASL is an acronym; it stands for Simple Authentication and Security Layer. SASL is a generic protocol framework for doing various sorts of authentication between clients and server. In SASL termology, application protocols such as POP, IMAP, and SMTP specify a "SASL profile," which describes how to encapsulate SASL negotiation and SASL messages for that protocol. Different authentication schemes are called "mechanisms" in the SASL framework. How does this relate to Kerberos? One of the supported mechanisms for SASL is GSSAPI, and since Kerberos is one of the standardized GSSAPI mechanisms, protocols that use SASL for authentication support Kerberos authentication via the GSSAPI. It's important to clarify one thing: while a protocol may support SASL, it's not required that applications that implement that protocol support all security mechanisms. In other words, a particular mail reader may support SASL, but it might not support the GSSAPI mechanism. You need to talk to the vendor to find out which mechanisms each application supports. SASL is described by the following RFC: * RFC 2222 - <http://www.ietf.org/rfc/rfc2222.txt> Some example of SASL profiles for application protocols are: POP RFC 1734 - <http://www.ietf.org/rfc/rfc1734.txt> IMAP RFC 1731 - <http://www.ietf.org/rfc/rfc1731.txt>> SMTP RFC 2554 - <http://www.ietf.org/rfc/rfc2554.txt> A number of SASL libraries are available for programmers who don't wish to write their own SASL code. The most common open-source one is Cyrus SASL. It's available at: * <ftp://ftp.andrew.cmu.edu/pub/cyrus-mail> User Contributions:Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000) Previous Document: 5.2. What is GSSAPI? Next Document: 5.4. Is there a reference for the Kerberos API? Single Page [ Usenet FAQs | Web FAQs | Documents | RFC Index ] Send corrections/additions to the FAQ Maintainer: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Last Update March 27 2014 @ 02:11 PM
|
Comment about this article, ask questions, or add new information about this topic: