BREAKING: Knocking Down The HACIENDA

GNU hackers opened the GHM by revealing the offensive HACIENDA global surveillance program for TWD, and how to knock it down with stealth TCP services! Watch it now! [more]

GNU SASL Library - Libgsasl


Introduction

GNU SASL is an implementation of the Simple Authentication and Security Layer framework and a few common SASL mechanisms. SASL is used by network servers (e.g., IMAP, SMTP) to request authentication from clients, and in clients to authenticate against servers.

GNU SASL consists of a library (`libgsasl'), a command line utility (`gsasl') to access the library from the shell, and a manual. The library includes support for the framework (with authentication functions and application data privacy and integrity functions) and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, SCRAM-SHA-1, SCRAM-SHA-1-PLUS, LOGIN, and NTLM mechanisms.

The library is portable because it does not do network communication by itself, but rather leaves it up to the calling application. The library is flexible with regards to the authorization infrastructure used, as it utilizes callbacks into the application to decide whether an user is authorized or not.

GNU SASL is written in pure ANSI C89 to be portable to embedded and otherwise limited platforms. The entire library, with full support for ANONYMOUS, EXTERNAL, PLAIN, LOGIN and CRAM-MD5, and the front-end that supports client and server mode, and the IMAP and SMTP protocols, fits in under 80kb on an Intel x86 platform, without any modifications to the code. (This figure was accurate as of version 1.1.)

GNU SASL is developed for the GNU/Linux system, but runs on over 20 platforms including most major Unix platforms and Windows, and many kind of devices including iPAQ handhelds and S/390 mainframes.

The core GNU SASL library, and most mechanisms, are licensed under the GNU Lesser General Public version 2.1 (or later). It is distributed separately, as the "libgsasl" package. The GNU SASL command line application, self test suite and more are licensed under the GNU General Public License version 3 (or later). The "gsasl" package distribution includes the library part as well, so you do not need to install two packages.

Some of the goals with this project are:

Table of Contents

Documentation and Status

Refer to the GNU SASL Manual web page for links to the manual in all formats; however, quick links to the most popular formats:

See also the various standard texts:

Currently the ANONYMOUS, EXTERNAL, CRAM-MD5, DIGEST-MD5, GS2-KRB5, GSS-API, PLAIN, LOGIN, SCRAM-SHA-1, SCRAM-SHA-1-PLUS, and SECURID mechanisms are implemented and work both in client and server mode. The NTLM mechanism is implemented in client mode only.

The library has been used in production for several years and should be considered mature.

GNU SASL has been ported to Windows and there are some resources around this effort:

Free software projects using GNU SASL include:

Let us know about more free software projects that use GNU SASL!

Support

A mailing list where GNU SASL users may help each other exists, and you can reach it by sending e-mail to help-gsasl@gnu.org. Archives of the mailing list discussions, and an interface to manage subscriptions, is available through the World Wide Web at http://lists.gnu.org/mailman/listinfo/help-gsasl.

If you are interested in paid support of GNU SASL, or sponsor the development, please contact me. If you provide paid services for GNU SASL, and would like to be mentioned here, also contact me.

If you find GNU SASL useful, please consider making a donation. No amount is too small!

News

Note that new releases are only mentioned here if they introduce a major feature or is significant in some other way. Read the help-gsasl mailing list if you seek more frequent announcements.

Information on what is new in the library itself is found in the NEWS and lib/NEWS file (live version).

Downloading

The releases are distributed from ftp://ftp.gnu.org/gnu/gsasl/.

All official releases are signed with an OpenPGP key with fingerprint 0xB565716F.

Unofficial Windows binaries are provided by Francis Brosnan Blazquez at Sourceforge's Vortex project.

Development

There is a Savannah GNU SASL project page. You can check out the sources by using git as follows:

$ git clone git://git.savannah.gnu.org/gsasl.git

The online git interface is available.

Notifications of each commit is sent to gsasl-commit@gnu.org.

If you have trouble using git, you may download a daily snapshot. The snapshots are prepared similar to regular releases, i.e., you simply build them using ./configure && make.

Build logs from building the package, where you can also contribute a build system for your own platform, are available from the GNU SASL autobuild page.

See the file README-alpha on how to bootstrap and build the package from version controlled sources.

For every release, we publish cyclomatic code complexity charts for the package. There is also self-test code coverage charts available.

Dependencies

You need at least a shell, a C compiler and a Make tool to build GNU SASL.

GNU SASL will enable certain features if you have the following optional external libraries installed:

Bugs

Report all problems to bug-gsasl@gnu.org, but please read the manual on how to report bugs first.


Valid XHTML 1.0 Strict

 [FSF logo] “Our mission is to preserve, protect and promote the freedom to use, study, copy, modify, and redistribute computer software, and to defend the rights of Free Software users.”

The Free Software Foundation is the principal organizational sponsor of the GNU Operating System. Support GNU and the FSF by buying manuals and gear, joining the FSF as an associate member, or making a donation, either directly to the FSF or via Flattr.

back to top

Translations of this page