Operations

• System Administrators
  • What SASL is
    • Authentication and authorization identifiers
    • Realms
  • How SASL works
    • The PLAIN mechanism, sasl_checkpass(), and plaintext passwords
    • Shared secrets mechanisms
    • Kerberos mechanisms
    • The OTP mechanism
  • Auxiliary Properties
  • How to set configuration options
    • The default configuration file
    • Application configuration
  • Troubleshooting
• Man pages
  • (3) Library Files
    • SASL - SASL Authentication Library
    • sasl_authorize_t - The SASL authorization callback
    • sasl_auxprop - How to work with SASL auxiliary properties
    • sasl_auxprop_add_plugin - add a SASL auxiliary property plugin
    • sasl_auxprop_getctx - Acquire an auxiliary property context
    • sasl_auxprop_request - Request auxiliary properties from SASL
    • sasl_callbacks - How to work with SASL callbacks
    • sasl_canon_user_t - Application-supplied user canonicalization function
    • sasl_canonuser_add_plugin - add a SASL user canonicalization plugin
    • sasl_chalprompt_t - Realm acquisition callback
    • sasl_checkapop - Check an APOP challenge/response
    • sasl_checkpass - Check a plaintext password
    • sasl_client_add_plugin - add a SASL client plugin
    • sasl_client_done - Cleanup function
    • sasl_client_init - SASL client authentication initialization
    • sasl_client_new - Create a new client authentication object
    • sasl_client_plug_init_t - client plug‐in entry point
    • sasl_client_start - Begin an authentication negotiation
    • sasl_client_step - Perform a step in the authentication negotiation
    • sasl_decode - Decode data received
    • sasl_decode64 - Decode base64 string
    • sasl_dispose - Dispose of a SASL connection object
    • sasl_done - Dispose of a SASL connection object
    • sasl_encode - Encode data for transport to authenticated host
    • sasl_encode64 - Encode base64 string
    • sasl_encodev - Encode data for transport to authenticated host
    • sasl_erasebuffer - erase buffer
    • sasl_errdetail - Retrieve detailed information about an error
    • sasl_errors - SASL error codes
    • sasl_errstring - Translate a SASL return code to a human-readable form
    • sasl_getcallback_t - callback function to lookup a sasl_callback_t for a connection
    • sasl_getconfpath_t - The SASL callback to indicate location of the config files
    • sasl_getopt_t - The SASL get option callback
    • sasl_getpath_t - The SASL callback to indicate location of the mechanism drivers
    • sasl_getprop - Get a SASL property
    • sasl_getrealm_t - Realm Acquisition Callback
    • sasl_getsecret_t - The SASL callback for secrets (passwords)
    • sasl_getsimple_t - The SASL callback for username/authname/realm
    • sasl_global_listmech - Retrieve a list of the supported SASL mechanisms
    • sasl_idle - Perform precalculations during an idle period
    • sasl_listmech - Retrieve a list of the supported SASL mechanisms
    • sasl_log_t - The SASL logging callback
    • sasl_server_add_plugin - add a SASL server plugin
    • sasl_server_done - Cleanup function
    • sasl_server_init - SASL server authentication initialization
    • sasl_server_new - Create a new server authentication object
    • sasl_server_plug_init_t - server plug‐in entry point
    • sasl_server_start - Begin an authentication negotiation
    • sasl_server_step - Perform a step in the authentication negotiation
    • sasl_server_userdb_checkpass_t - Plaintext Password Verification Callback
    • sasl_server_userdb_setpass_t - UserDB Plaintext Password Setting Callback
    • sasl_set_alloc - set the memory allocation functions used by the SASL library
    • sasl_set_mutex - set the mutex lock functions used by the SASL library
    • sasl_seterror - set the error string
    • sasl_setpass - Check a plaintext password
    • sasl_setprop - Set a SASL property
    • sasl_user_exists - Check if a user exists on server
    • sasl_usererr - Remove information leak about accounts from sasl error codes
    • sasl_utf8verify - Verify a string is valid utf8
    • sasl_verifyfile_t - The SASL file verification
• Auxiliary Properties
  • Auxiliary Properties and the Glue Layer
  • Passwords and other Data
  • sasldb
  • ldapdb
  • sql
  • User Canonicalization
• Authentication Mechanisms
  • Mechanisms
    • ANONYMOUS
    • CRAM-MD5
    • DIGEST-MD5
    • EXTERNAL
    • GS2
    • GSSAPI
    • GSS-SPEGNO
    • KERBEROS_V4
    • LOGIN
    • NTLM
    • OTP
    • PASSDSS
    • PLAIN
    • SCRAM
    • SRP
    • Non-SASL Authentication
  • Summary
• Pwcheck
  • Auxprop
  • Auxprop-hashed
  • Saslauthd
  • Authdaemon
  • Alwaystrue
  • Auto Transition
• Frequently Asked Questions
  • What is the difference between an Authorization ID and a Authentication ID?
  • Why do CRAM-MD5, DIGEST-MD5 and SCRAM not work with CyrusSaslauthd?
  • How do I configure OpenLDAP +SASL+GSSAPI?
  • Why does CyrusSasl store plaintext passwords in its databases?
  • RFCs and drafts
  • Why am I having a problem running dbconverter-2 to upgrade from SASLv1 to SASLv2?
• Other Documentation & Resources