Illustration 1.1: Logical overview showing how applications use authentication mechanisms through an abstract interface.
GNU SASL is an implementation of the Simple Authentication and Security Layer framework and a few common SASL mechanisms.
GNU SASL consists of a library (libgsasl), a command line
utility (gsasl) to access the library from the shell, and a
manual. The library includes support for the framework (with
authentication functions and application data privacy and integrity
functions) and at least partial support for the ANONYMOUS, CRAM-MD5,
DIGEST-MD5, EXTERNAL, GS2-KRB5, GSSAPI, LOGIN, NTLM, PLAIN,
SCRAM-SHA-1, SCRAM-SHA-1-PLUS, SAML20, OPENID20, and SECURID
mechanisms.
The library is easily ported because it does not do network communication by itself, but rather leaves it up to the calling application. The library is flexible with regards to the authorization infrastructure used, as it utilizes a callback into the application to decide whether a user is authorized or not.
GNU SASL is developed for the GNU/Linux system, but runs on over 20 platforms including most major Unix platforms and Windows, and many kind of devices including iPAQ handhelds and S/390 mainframes.
GNU SASL is written in pure ANSI C89 to be portable to embedded and otherwise limited platforms. The entire library, with full support for ANONYMOUS, EXTERNAL, PLAIN, LOGIN and CRAM-MD5, and the front-end that supports client and server mode, and the IMAP and SMTP protocols, fits in under 80kb on an Intel x86 platform, without any modifications to the code. (This figure was accurate as of version 1.1.)
The design of the library and the intended interaction between applications and the library through the official API is illustrated below.