36 lines
1.3 KiB
Text
36 lines
1.3 KiB
Text
The Cyrus SASL (Simple Authentication and Security Layer)
|
|
|
|
SASL is the Simple Authentication and Security Layer, a method
|
|
for adding authentication support to connection-based protocols.
|
|
To use SASL, a protocol includes a command for identifying and
|
|
authenticating a user to a server and for optionally negotiating
|
|
protection of subsequent protocol interactions. If its use is
|
|
negotiated, a security layer is inserted between the protocol
|
|
and the connection.
|
|
|
|
FEATURES
|
|
--------
|
|
The following mechanisms are included in this distribution:
|
|
ANONYMOUS
|
|
CRAM-MD5
|
|
DIGEST-MD5
|
|
GSSAPI (MIT Kerberos 5 or Heimdal Kerberos 5)
|
|
KERBEROS_V4
|
|
PLAIN
|
|
|
|
The library can use a Berkeley DB, gdbm or ndbm file on the server
|
|
side to store per-user authentication secrets. The utility saslpasswd
|
|
has been included for adding authentication secrets to the file.
|
|
|
|
PLAIN can either check /etc/passwd, Kerberos V4, use PAM, or the sasl
|
|
secrets database. By default PAM is used if PAM is found, then
|
|
Kerberos, finally /etc/passwd (non-shadow). This is tweakable in the
|
|
configuration file. Please see
|
|
"${PREFIX}/share/doc/sasl/sysadmin.html".
|
|
|
|
The sample directory contains two programs which provide a reference
|
|
for using the library, as well as making it easy to test a mechanism
|
|
on the command line. See "${PREFIX}/share/doc/sasl/programming.html"
|
|
for more information.
|
|
|
|
WWW: http://asg.web.cmu.edu/sasl/
|