Skip to content

Latest commit

 

History

History
 
 

sasl

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 

SASL

SASL(Simple Authentication and Security Layer) is a framework for application protocols to add authentication and data security support.

The SASL framework does not specify the technology used to perform the authentication, that is the responsibility for each SASL mechanism. The supported mechanisms are CRAM-MD5, GSSAPI, PLAIN...

Authentication exchange

Typically a SASL negotiation works as follows. First the client requests authentication (possibly implicitly by connecting to the server). The server responds with a list of supported mechanisms. The client chose one of the mechanisms. The client and server then exchange data, one round-trip at a time, until authentication either succeeds or fails. After that, the client and server knows more about who is on the other end of the channel.

Client: Request authentication exchange
Server: Initial challenge
Client: Initial response <additional challenge/response messages>
Server: Outcome of authentication exchange

具体的交换方式跟认证机制有关,有空了我写个简单的样例。

Reference