![]() |
![]() |
![]() |
![]() |
GNU SASL is an implementation of the Simple Authentication and Security Layer framework and a few common SASL mechanisms.
GNU SASL consists of a library (libgsasl), a command line utility (gsasl) to access the library from the shell, and a manual. The library includes support for the framework (with authentication functions and application data privacy and integrity functions) and at least partial support for the ANONYMOUS, CRAM-MD5, DIGEST-MD5, EXTERNAL, GS2-KRB5, GSSAPI, LOGIN, NTLM, PLAIN, SCRAM-SHA-1, SCRAM-SHA-1-PLUS, SCRAM-SHA-256, SCRAM-SHA-256-PLUS, SAML20, OPENID20, and SECURID mechanisms.
The design of the library and the intended interaction between applications and the library through the official API is shown in Figure 1, “Illustration of separation between application and individual mechanism”.
The operation of an application using the library can best be understood in terms of a flow chart diagram, as shown in Figure 2, “High-level control flow of SASL application”. The details on how the actual negotiation are carried out are illustrated in Figure 3, “Low-level control flow of SASL application”.