Updated 2013-04-24 11:28:11 by APN

The Simple Authentication and Security Layer (SASL) is a framework for providing authentication and authorization to comunications protocols. It is defined in RFC 2222 [1]. The design attempts to separate the implementation of authentication mechanisms from the implementation of communications protocols. The result is a set of available mechanisms that a server and client can select among.

SASL is currently found in SMTP, IMAP, LDAP, BEEP, XMPP and in HTTP authentication. Some common mechanisms are ANONYMOUS [2], PLAIN, LOGIN, [CRAM-MD5] [3], [DIGEST-MD5] [4], NTLM and Kerberos.

tcllib 1.8 contains an implementation of SASL that supports the most common mechanisms. TclSASL is a Tcl interface to the cyrus-sasl library which supports all those implemented by that library.

See Marshall T. Rose's excellent "Using SASL: Pluggable Security" [5].

Also see SASL and TWAPI.