The Simple Authentication and Security Layer (SASL) is a method based on RFC2222 for adding authentication support to connection-based protocols. To use this specification, a protocol includes a command for identifying and authenticating a user to a server and for optionally negotiating a security layer for subsequent protocol interactions. The command has a required parameter that identifies an SASL mechanism.
SASL mechanisms are named by strings, from 1-20 characters in length, that consist of uppercase letters, digits, hyphens, and underscores. SASL mechanism names must be registered with the IANA. Exact registration procedures are given in the “Registration Procedures” section of RFC2222.
|
Mechanisms |
Owner |
Reference |
|---|---|---|
|
KERBEROS_V4 |
IESG <iesg@ietf.org> |
RFC2222 For more information, see “Simple Authentication and Security Layer (SASL)” by J. Myers in the October 1997 issues of Netscape Communications. |
|
GSSAPI |
IESG <iesg@ietf.org> |
RFC2222 |
|
SKEY (OBSOLETE) |
IESG <iesg@ietf.org> |
RFC2444 For more information, see “The One-Time-Password SASL Mechanism” by C. Newman in October 1998. |
|
EXTERNAL |
IESG <iesg@ietf.org> |
RFC2222 |
|
CRAM-MD5 |
IESG <iesg@ietf.org> |
RFC2195 For more information, see “IMAP/POP Authorize Extension for Simple Challenge/Response” by J. Klensin, R. Catoe, and P. Krumviede from MCI in September 1997. |
|
ANONYMOUS |
IESG <iesg@ietf.org> |
RFC2245 For more information, see “Anonymous SASL Mechanism” by C. Newman at Innosoft in November 1997. |
|
OTP |
IESG <iesg@ietf.org> |
RFC2444 |
|
GSS_SPNEGO |
Paul Leach <paulle@microsoft.com> |
Leach |
|
PLAIN |
IESG <iesg@ietf.org> |
RFC2595 For more information, see “Using TLS with IMAP, POP3, and ACAP” by C. Newman at Innosoft in June 1999. |
|
SECURID |
Magnus Nystrom <magnus@rsasecurity.com> |
RFC2808 For more information, see “The SecurID(r) SASL Mechanism” by M. Nystrom in April 2000. |
|
NTLM |
Paul Leach <paulle@microsoft.com> |
Leach |
|
NMAS_LOGIN |
Mark G. Gayman <mgayman@novell.com> |
Gayman |
|
NMAS_AUTHEN |
Mark G. Gayman <mgayman@novell.com> |
Gayman |
|
DIGEST-MD5 |
IESG <iesg@ietf.org> |
RFC2831 For more information, see “Using Digest Authentication as a SASL Mechanism” by P. Leach and C. Newman in May 2000. |
|
9798-U-RSA-SHA1-ENC |
robert.zuccherato@entrust.com |
RFC3163 For more information, see “ISO/IEC 9798-3 Authentication SASL Mechanism” by R. Zuccherato and M. Nystrom in August 2001. |
|
9798-M-RSA-SHA1-ENC |
robert.zuccherato@entrust.com |
RFC3163 |
|
9798-U-DSA-SHA1 |
robert.zuccherato@entrust.com |
RFC3163 |
|
9798-M-DSA-SHA1 |
robert.zuccherato@entrust.com |
RFC3163 |
|
9798-U-ECDSA-SHA1 |
robert.zuccherato@entrust.com |
RFC3163 |
|
9798-M-ECDSA-SHA1 |
robert.zuccherato@entrust.com |
RFC3163 |