SASL (Simple Authentication and Security Layer) is a framework that lets application protocols add authentication and data security support.
The SASL framework does not specify the technology used to perform the authentication; that is the responsibility of each SASL mechanism. Supported mechanisms include CRAM-MD5, GSSAPI, PLAIN, and others.
Typically a SASL negotiation works as follows. First the client requests authentication (possibly implicitly, by connecting to the server). The server responds with a list of supported mechanisms. The client chooses one of the mechanisms. The client and server then exchange data, one round trip at a time, until authentication either succeeds or fails. After that, the client and server know more about who is on the other end of the channel.
- Client: Request authentication exchange
- Server: Initial challenge
- Client: Initial response
- <additional challenge/response messages>
- Server: Outcome of authentication exchange
The exact exchange depends on the authentication mechanism; when I have time I will write a simple example.
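As an added illustration (not the author's promised sample and not code from any SASL library), the following Python models the round trips listed above for two of the mechanisms named earlier, PLAIN and CRAM-MD5, with the server verifying each response; the user name, password and credential store are constructed for the demo.

```python
import hashlib
import hmac
import secrets

USERS = {"alice": b"correct horse battery staple"}  # constructed demo credential store

def plain_initial_response(authzid, authcid, passwd):
    # PLAIN (RFC 4616): one message, NUL-separated authzid, authcid, passwd.
    return b"\0".join((authzid, authcid, passwd))

def verify_plain(msg):
    parts = msg.split(b"\0")
    if len(parts) != 3:
        return False
    stored = USERS.get(parts[1].decode(errors="replace"), b"")
    return hmac.compare_digest(stored, parts[2])  # constant-time compare

def cram_md5_challenge():
    # CRAM-MD5 (RFC 2195): fresh server nonce the client must HMAC with its password.
    return ("<%s@example.invalid>" % secrets.token_hex(8)).encode()

def cram_md5_response(username, passwd, challenge):
    digest = hmac.new(passwd, challenge, hashlib.md5).hexdigest()
    return username.encode() + b" " + digest.encode()

def verify_cram_md5(challenge, response):
    username, _, digest = response.partition(b" ")
    stored = USERS.get(username.decode(errors="replace"))
    if stored is None:
        return False
    expected = hmac.new(stored, challenge, hashlib.md5).hexdigest().encode()
    return hmac.compare_digest(expected, digest)

def run_exchange(mechanism, username, passwd):
    """Walk the post's round trips; returns (trace of (side, bytes), authenticated)."""
    trace = [("C", b"AUTH " + mechanism.encode())]   # client requests authentication
    if mechanism == "PLAIN":
        trace.append(("S", b""))                     # empty initial challenge
        resp = plain_initial_response(b"", username.encode(), passwd)
        ok = verify_plain(resp)
    elif mechanism == "CRAM-MD5":
        chal = cram_md5_challenge()
        trace.append(("S", chal))                    # server's initial challenge
        resp = cram_md5_response(username, passwd, chal)
        ok = verify_cram_md5(chal, resp)
    else:
        return trace, False                          # mechanism not offered
    trace.append(("C", resp))                        # client's initial response
    trace.append(("S", b"OK" if ok else b"FAIL"))    # outcome of the exchange
    return trace, ok
```

The trace makes the difference between the two mechanisms visible: PLAIN puts the password itself on the wire (so it is only acceptable inside TLS), while CRAM-MD5 sends only an HMAC over a one-time server challenge.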
- SASL RFC: https://tools.ietf.org/html/rfc4422
- SASL Programming: http://www.comfsm.fm/computing/cyrus-sasl-lib/programming.html