GNU SASL Library - Libgsasl


GNU SASL is an implementation of the Simple Authentication and Security Layer framework and a few common SASL mechanisms. SASL is used by network servers (e.g., IMAP, SMTP, XMPP) to request authentication from clients, and in clients to authenticate against servers.

GNU SASL consists of a C library (libgsasl), a command-line application (gsasl), and a manual. The library supports the ANONYMOUS, CRAM-MD5, DIGEST-MD5, EXTERNAL, GS2-KRB5, GSSAPI, LOGIN, NTLM, OPENID20, PLAIN, SCRAM-SHA-1, SCRAM-SHA-1-PLUS, SCRAM-SHA-256, SCRAM-SHA-256-PLUS, SAML20, and SECURID mechanisms.

The library is portable because it does not do network communication by itself, but rather leaves it up to the calling application. The library is flexible with regards to the authorization infrastructure used, as it utilizes callbacks into the application to decide whether an user is authorized or not.

The GNU SASL Library (lib/) is licensed under the GNU Lesser General Public License (LGPL) version 2.1 (or later). The GNU project typically uses the GNU General Public License (GPL) for libraries, and not the LGPL, but for this project we decided that we would get more help from the community if we used the LGPLv2.1+, as other free SASL implementations exists. See also Why you shouldn't use the Lesser GPL for your next library.

The command-line application and test suite (src/ and tests/) are licensed under the GNU General Public License license version 3.0 (or later). The documentation (doc/) is licensed under the GNU Free Documentation License version 1.3 (or later). See the file doc/fdl-1.3.texi.

Some of the goals with this project are:

Table of Contents

Documentation and Status

Refer to the GNU SASL Manual web page for links to the manual in all formats; however, quick links to the most popular formats:

See also the various standard texts:

GNU SASL has been ported to Windows and there are some resources around this effort:

Free software projects using GNU SASL include:

Let us know about more free software projects that use GNU SASL!


A mailing list where GNU SASL users may help each other exists, and you can reach it by sending e-mail to Archives of the mailing list discussions, and an interface to manage subscriptions, is available through the World Wide Web at


The releases are distributed from

The latest release is signed with OpenPGP key with fingerprint F8C4 D73C F638 C53C 06BE. Earlier releases were signed with an OpenPGP key with fingerprint B565716F or OpenPGP key with fingerprint 5A33 0664 A769 5426 5E8C.


There are Savannah GNU SASL and GitLab GNU SASL project pages. You can check out the sources as follows:

$ git clone

See the file README-hacking for complete information on how to bootstrap and build the package from version controlled sources.

We publish cyclomatic code complexity charts, self-test code coverage charts, and Clang code analysis


You need at least a shell, a C compiler and a Make tool to build GNU SASL.

GNU SASL will enable certain features if you have the following optional external libraries installed:


Report all problems to, but please read the manual on how to report bugs first.


Note that new releases are only mentioned here if they introduce a major feature or is significant in some other way. Read the help-gsasl mailing list if you seek more frequent announcements.

Information on what is new in the software is found in the NEWS and lib/NEWS file (live version).