The SCRAM-SHA-1 mechanism is designed to provide (almost) the same capabilities as CRAM-MD5 and DIGEST-MD5 but use modern cryptographic techniques such as HMAC-SHA-1 hashing and PKCS#5 PBKDF2 key derivation. SCRAM-SHA-1 supports authorization identities. Like CRAM-MD5 and DIGEST-MD5, only a hashed password is transferred. Consequently, SCRAM-SHA-1 needs access to the correct password to verify the client response. Channel bindings are supported through the SCRAM-SHA-1-PLUS mechanism.
In the client, the non-PLUS mechanism is always enabled, and it
requires the GSASL_AUTHID
property, and either
GSASL_PASSWORD
or GSASL_SCRAM_SALTED_PASSWORD
. When the
GSASL_CB_TLS_UNIQUE
property is available, the SCRAM-SHA-1-PLUS
mechanism is also available and it will negotiate channel bindings
when the server also supports it. If set, GSASL_AUTHZID
will
be used by the client. To be able to return the proper
GSASL_SCRAM_SALTED_PASSWORD
value, the client needs to check
the GSASL_SCRAM_ITER
and GSASL_SCRAM_SALT
values which
are available when the GSASL_SCRAM_SALTED_PASSWORD
property is
queried for.
In the server, the mechanism will require the GSASL_PASSWORD
callback property, which may use the GSASL_AUTHID
property to
determine which users' password should be used. The
GSASL_AUTHID
will be in normalized form. The server will then
normalize the returned password, and compare the client response with
the computed correct response, and accept the user accordingly. The
server may also set the GSASL_SCRAM_ITER
and
GSASL_SCRAM_SALT
properties to influence the values to be used
by clients to derive a key from a password. When the
GSASL_CB_TLS_UNIQUE
property is set, the SCRAM-SHA-1-PLUS
mechanism is supported and is used to negotiate channel bindings.
The GSASL_CB_TLS_UNIQUE
property signal that this side of the
authentication supports channel bindings. Setting the property will
enable the SCRAM-SHA-1-PLUS mechanism. For clients, this also
instructs the SCRAM-SHA-1 mechanism to tell servers that the client
believes the server does not support channel bindings if it is used
(remember that clients should otherwise have chosen the
SCRAM-SHA-1-PLUS mechanism instead of the SCRAM-SHA-1 mechanism). For
servers, it means the SCRAM-SHA-1 mechanism will refuse to
authenticate against a client that signals that it believes the server
does not support channel bindings.
The SCRAM-SHA-1-PLUS mechanism will never complete authentication successfully if channel bindings are not confirmed.