GNU SASL Reference Manual

gsasl-version.h — version symbols
gsasl.h — main library interfaces
gsasl-mech.h — register new application-defined mechanism

GNU SASL is an implementation of the Simple Authentication and Security Layer (SASL) framework and a few common SASL mechanisms. SASL is used by network servers (e.g., IMAP, SMTP, XMPP) to request authentication from clients, and in clients to authenticate against servers.

GNU SASL consists of a C library (libgsasl), a command-line application (gsasl), and a manual. The library supports the ANONYMOUS, CRAM-MD5, DIGEST-MD5, EXTERNAL, GS2-KRB5, GSSAPI, LOGIN, NTLM, OPENID20, PLAIN, SCRAM-SHA-1, SCRAM-SHA-1-PLUS, SCRAM-SHA-256, SCRAM-SHA-256-PLUS, SAML20, and SECURID mechanisms.

The design of the library and the intended interaction between applications and the library through the official API is shown in Figure 1, “Illustration of separation between application and individual mechanism”.

Figure 1. Illustration of separation between application and individual mechanism

Illustration of separation between application and individual mechanism

The operation of an application using the library can best be understood in terms of a flow chart diagram, as shown in Figure 2, “High-level control flow of SASL application”. The details on how the actual negotiation are carried out are illustrated in Figure 3, “Low-level control flow of SASL application”.

Figure 2. High-level control flow of SASL application

High-level control flow of SASL application

Figure 3. Low-level control flow of SASL application

Low-level control flow of SASL application