Cyrus SASL

Welcome to Cyrus SASL.

What is Cyrus SASL?

Simple Authentication and Security Layer (SASL) is a specification that describes how authentication mechanisms can be plugged into an application protocol on the wire. Cyrus SASL is an implementation of SASL that makes it easy for application developers to integrate authentication mechanisms into their application in a generic way.

The latest stable version of Cyrus SASL is 2.1.28.

Cyrus IMAP uses Cyrus SASL to provide authentication support to the mail server, however it is just one project using Cyrus SASL.

Features

Cyrus SASL provides a number of authentication plugins out of the box.

Berkeley DB, GDBM, or NDBM (sasldb), PAM, MySQL, PostgreSQL, SQLite, LDAP, Active Directory (LDAP), DCE, Kerberos 4 and 5, proxied IMAP auth, getpwent, shadow, SIA, Courier Authdaemon, httpform, APOP and SASL mechanisms: ANONYMOUS, CRAM-MD5, DIGEST-MD5, EXTERNAL, GSSAPI, LOGIN, NTLM, OTP, PASSDSS, PLAIN, SCRAM, SRP

This document is an introduction to Cyrus SASL. It is not intended to be an exhaustive reference for the SASL Application Programming Interface (API), which is detailed in the SASL manual pages, and the libsasl.h header file.

Known Bugs

libtool doesn’t always link libraries together. In our environment, we only have static Krb5 libraries; the GSSAPI plugin should link these libraries in on platforms that support it (Solaris and Linux among them) but it does not. It also doesn’t always get the runpath of libraries correct.

Cyrus SASL

• Download
  • Get SASL
    • Installation
  • Release Notes
    • Supported Product Series
    • Older Versions
  • Note for Packagers
• Quickstart guide
  • Features
  • Typical Installation
  • Configuration
• Concepts
  • SASL
  • SASL Authentication Mechanisms
  • Security Layers
  • Channel Binding
  • Realms
  • Protocols
  • Cyrus SASL
  • The Glue Library
  • Auxiliary Properties
  • Plugins
• Setup
  • Installation
    • Quick install guide
    • Detailed installation guide
    • Supported platforms
  • Upgrading from v1 to v2
    • Backwards Compatibility
    • Coexistence with SASLv1
    • Database Upgrades
    • Errors on migration
  • Components
    • The Application
    • The SASL Glue Layer
    • Plugins
    • Password Verification Services
  • Options
    • SASL Library
    • Auxiliary Property Plugin
    • GSSAPI
    • LDAPDB
    • NTLM
    • OTP
    • Digest-md5
    • SASLDB
    • SQL Plugin
    • SRP
    • Kerberos V4
  • Advanced Usage
    • Notes for Advanced Usage of libsasl
• Operations
  • System Administrators
    • What SASL is
    • How SASL works
    • Auxiliary Properties
    • How to set configuration options
    • Troubleshooting
  • Man pages
    • (3) Library Files
  • Auxiliary Properties
    • Auxiliary Properties and the Glue Layer
    • Passwords and other Data
    • sasldb
    • ldapdb
    • sql
    • User Canonicalization
  • Authentication Mechanisms
    • Mechanisms
    • Summary
  • Pwcheck
    • Auxprop
    • Auxprop-hashed
    • Saslauthd
    • Authdaemon
    • Alwaystrue
    • Auto Transition
  • Frequently Asked Questions
    • What is the difference between an Authorization ID and a Authentication ID?
    • Why do CRAM-MD5, DIGEST-MD5 and SCRAM not work with CyrusSaslauthd?
    • How do I configure OpenLDAP +SASL+GSSAPI?
    • Why does CyrusSasl store plaintext passwords in its databases?
    • RFCs and drafts
    • Why am I having a problem running dbconverter-2 to upgrade from SASLv1 to SASLv2?
  • Other Documentation & Resources
• Developers
  • Converting Applications from v1 to v2
    • Tips for both clients and servers
    • Tips for clients
    • Tips for Servers
  • Application Programmer’s Guide
    • Introduction
    • Background
    • Briefly
    • Client-only Section
    • Server-only Section
    • Common Section
    • Example applications that come with the Cyrus SASL library
    • Miscellaneous Information
  • Plugin Programmer’s Guide
    • Introduction
    • Common Section
    • Client Plugins
    • Server Plugins
    • User Canonicalization (canon_user) Plugins
    • Auxiliary Property (auxprop) Plugins
  • Testing
    • Testing the CMU SASL Library with the included sample applications
    • Running the Testsuite application
• Support/Community

IMAP

• Cyrus IMAP