GNU SASL is an implementation of the Simple Authentication and Security Layer (SASL) framework and a few common SASL mechanisms. SASL is used by network servers (e.g., IMAP, SMTP, XMPP) to request authentication from clients, and in clients to authenticate against servers.
GNU SASL consists of a C library (libgsasl), a command-line application (gsasl), and a manual. The library supports the ANONYMOUS, CRAM-MD5, DIGEST-MD5, EXTERNAL, GS2-KRB5, GSSAPI, LOGIN, NTLM, OPENID20, PLAIN, SCRAM-SHA-1, SCRAM-SHA-1-PLUS, SCRAM-SHA-256, SCRAM-SHA-256-PLUS, SAML20, and SECURID mechanisms.
The design of the library and the intended interaction between applications and the library through the official API is shown in Figure 1, “Illustration of separation between application and individual mechanism”.
The operation of an application using the library can best be understood in terms of a flow chart diagram, as shown in Figure 2, “High-level control flow of SASL application”. The details of how the actual negotiation is carried out are illustrated in Figure 3, “Low-level control flow of SASL application”.