SASL

The Simple Authentication and Security Layer (SASL) is a framework for providing authentication and authorization to comunications protocols. It is defined in RFC 2222 [1 ]. The design attempts to separate the implementation of authentication mechanisms from the implementation of communications protocols. The result is a set of available mechanisms that a server and client can select among.

SASL is currently found in SMTP, IMAP, LDAP, BEEP, XMPP and in HTTP authentication. Some common mechanisms are ANONYMOUS [4 ], PLAIN, LOGIN, CRAM-MD5 [3 ], DIGEST-MD5 [2 ], NTLM and Kerberos.

tcllib 1.8 contains an implementation of SASL that supports the most common mechanisms. TclSASL is a Tcl interface to the cyrus-sasl library which supports all those implemented by that library.


See Marshall T. Rose's excellent "Using SASL: Pluggable Security" [5 ].


Also see SASL and TWAPI.