Home
Cyrus IMAP
Download
Contribute
Cyrus SASL
Cyrus SASL
Cyrus SASL
Download
Get SASL
Installation
Quick install guide
Detailed installation guide
Supported platforms
Release Notes
Supported Product Series
Series 2.1
Older Versions
Series 2: 2.0
Series 1
Note for Packagers
Quickstart guide
Features
Typical Installation
Configuration
Concepts
SASL
SASL Authentication Mechanisms
Security Layers
Channel Binding
Realms
Protocols
Cyrus SASL
The Glue Library
Auxiliary Properties
Plugins
Setup
Installation
Quick install guide
Tarball installation
Unix package Installation
Configuration
Detailed installation guide
Requirements
Build Configuration
Building and Installation
Compilation Hints
Application Configuration
Supported platforms
Upgrading from v1 to v2
Backwards Compatibility
Coexistence with SASLv1
Database Upgrades
Errors on migration
Components
The Application
The SASL Glue Layer
Plugins
Plugins: General
Plugins: SASL Mechanisms
Plugins: Auxiliary Property
Plugins: Username Canonicalization
Password Verification Services
Options
SASL Library
Auxiliary Property Plugin
GSSAPI
LDAPDB
Notes on LDAPDB
Examples
OTP
SASLDB
Notes on sasldb with LMDB
SQL Plugin
Notes on SQL
Examples
SRP
Kerberos V4
Advanced Usage
Notes for Advanced Usage of libsasl
Using Cyrus SASL as a static library
Operations
System Administrators
What SASL is
Authentication and authorization identifiers
Realms
How SASL works
The PLAIN mechanism,
sasl_checkpass()
, and plaintext passwords
Shared secrets mechanisms
Kerberos mechanism
The OTP mechanism
Auxiliary Properties
How to set configuration options
The default configuration file
Application configuration
Default pathnames
Troubleshooting
Man pages
(3) Library Files
SASL
- SASL Authentication Library
sasl_authorize_t
- The SASL authorization callback
sasl_auxprop
- How to work with SASL auxiliary properties
sasl_auxprop_add_plugin
- add a SASL auxiliary property plugin
sasl_auxprop_getctx
- Acquire an auxiliary property context
sasl_auxprop_request
- Request auxiliary properties from SASL
sasl_callbacks
- How to work with SASL callbacks
sasl_canon_user_t
- Application-supplied user canonicalization function
sasl_canonuser_add_plugin
- add a SASL user canonicalization plugin
sasl_chalprompt_t
- Realm acquisition callback
sasl_checkapop
- Check an APOP challenge/response
sasl_checkpass
- Check a plaintext password
sasl_client_add_plugin
- add a SASL client plugin
sasl_client_done
- Cleanup function
sasl_client_init
- SASL client authentication initialization
sasl_client_new
- Create a new client authentication object
sasl_client_plug_init_t
- client plug‐in entry point
sasl_client_start
- Begin an authentication negotiation
sasl_client_step
- Perform a step in the authentication negotiation
sasl_decode
- Decode data received
sasl_decode64
- Decode base64 string
sasl_dispose
- Dispose of a SASL connection object
sasl_done
- Dispose of a SASL connection object
sasl_encode
- Encode data for transport to authenticated host
sasl_encode64
- Encode base64 string
sasl_encodev
- Encode data for transport to authenticated host
sasl_erasebuffer
- erase buffer
sasl_errdetail
- Retrieve detailed information about an error
sasl_errors
- SASL error codes
sasl_errstring
- Translate a SASL return code to a human-readable form
sasl_getcallback_t
- callback function to lookup a sasl_callback_t for a connection
sasl_getconfpath_t
- The SASL callback to indicate location of the config files
sasl_getopt_t
- The SASL get option callback
sasl_getpath_t
- The SASL callback to indicate location of the mechanism drivers
sasl_getprop
- Get a SASL property
sasl_getrealm_t
- Realm Acquisition Callback
sasl_getsecret_t
- The SASL callback for secrets (passwords)
sasl_getsimple_t
- The SASL callback for username/authname/realm
sasl_global_listmech
- Retrieve a list of the supported SASL mechanisms
sasl_idle
- Perform precalculations during an idle period
sasl_listmech
- Retrieve a list of the supported SASL mechanisms
sasl_log_t
- The SASL logging callback
sasl_server_add_plugin
- add a SASL server plugin
sasl_server_done
- Cleanup function
sasl_server_init
- SASL server authentication initialization
sasl_server_new
- Create a new server authentication object
sasl_server_plug_init_t
- server plug‐in entry point
sasl_server_start
- Begin an authentication negotiation
sasl_server_step
- Perform a step in the authentication negotiation
sasl_server_userdb_checkpass_t
- Plaintext Password Verification Callback
sasl_server_userdb_setpass_t
- UserDB Plaintext Password Setting Callback
sasl_set_alloc
- set the memory allocation functions used by the SASL library
sasl_set_mutex
- set the mutex lock functions used by the SASL library
sasl_seterror
- set the error string
sasl_setpass
- Check a plaintext password
sasl_setprop
- Set a SASL property
sasl_user_exists
- Check if a user exists on server
sasl_usererr
- Remove information leak about accounts from sasl error codes
sasl_utf8verify
- Verify a string is valid utf8
sasl_verifyfile_t
- The SASL file verification
Auxiliary Properties
Auxiliary Properties and the Glue Layer
Passwords and other Data
sasldb
ldapdb
sql
User Canonicalization
Authentication Mechanisms
Mechanisms
ANONYMOUS
EXTERNAL
GS2
GSSAPI
GSS-SPNEGO
OTP
PASSDSS
PLAIN
SCRAM
SRP
Non-SASL Authentication
Summary
Pwcheck
Auxprop
Auxprop-hashed
Saslauthd
Authdaemon
Alwaystrue
Auto Transition
Frequently Asked Questions
What is the difference between an Authorization ID and a Authentication ID?
How do I configure OpenLDAP +SASL+GSSAPI?
Why does CyrusSasl store plaintext passwords in its databases?
RFCs and drafts
Why does SCRAM not work with CyrusSaslauthd?
Other Documentation & Resources
Developers
Converting Applications from v1 to v2
Tips for both clients and servers
Tips for clients
Tips for Servers
Application Programmer’s Guide
Introduction
About this Guide
What is SASL?
Background
How did the world work before SASL?
SASL to the rescue!
Briefly
What is the Cyrus SASL library good for?
What does the Cyrus SASL library do?
What doesn’t the Cyrus SASL library do?
Client-only Section
A typical interaction from the client’s perspective
How does this look in code
Server-only Section
A typical interaction from the server’s perspective
How does this look in code?
Common Section
Callbacks and Interactions
Security layers
Example applications that come with the Cyrus SASL library
sample-client
and
sample-server
Cyrus imapd v2.1.0 or later
imtest
, from Cyrus 2.1.0 or later
Miscellaneous Information
Empty exchanges
Idle
Plugin Programmer’s Guide
Introduction
About this Guide
What is SASL?
Common Section
Overview of Plugin Programming
Use of sasl_utils_t
Error Reporting
Memory Allocation
Client Send First / Server Send Last
Client Plugins
Server Plugins
User Canonicalization (canon_user) Plugins
Auxiliary Property (auxprop) Plugins
Testing
Testing the CMU SASL Library with the included sample applications
Example
Running the Testsuite application
Support/Community
IMAP
Cyrus IMAP
Cyrus SASL
Docs v2.1.28
»
Search
Please activate JavaScript to enable the search functionality.