1.1 RFC2222 SASL

The Simple Authentication and Security Layer (SASL) is a method based on RFC2222 for adding authentication support to connection-based protocols. To use this specification, a protocol includes a command for identifying and authenticating a user to a server and for optionally negotiating a security layer for subsequent protocol interactions. The command has a required parameter that identifies an SASL mechanism.

SASL mechanisms are named by strings of 1 to 20 characters that consist of uppercase letters, digits, hyphens, and underscores. SASL mechanism names must be registered with the IANA. Exact registration procedures are given in the “Registration Procedures” section of RFC2222.

| Mechanisms | Owner | Reference |
|---|---|---|
| KERBEROS_V4 | IESG <iesg@ietf.org> | RFC2222. For more information, see “Simple Authentication and Security Layer (SASL)” by J. Myers in the October 1997 issues of Netscape Communications. |
| GSSAPI | IESG <iesg@ietf.org> | RFC2222 |
| SKEY (OBSOLETE) | IESG <iesg@ietf.org> | RFC2444. For more information, see “The One-Time-Password SASL Mechanism” by C. Newman in October 1998. |
| EXTERNAL | IESG <iesg@ietf.org> | RFC2222 |
| CRAM-MD5 | IESG <iesg@ietf.org> | RFC2195. For more information, see “IMAP/POP Authorize Extension for Simple Challenge/Response” by J. Klensin, R. Catoe, and P. Krumviede from MCI in September 1997. |
| ANONYMOUS | IESG <iesg@ietf.org> | RFC2245. For more information, see “Anonymous SASL Mechanism” by C. Newman at Innosoft in November 1997. |
| OTP | IESG <iesg@ietf.org> | RFC2444 |
| GSS_SPNEGO | Paul Leach <paulle@microsoft.com> | Leach |
| PLAIN | IESG <iesg@ietf.org> | RFC2595. For more information, see “Using TLS with IMAP, POP3, and ACAP” by C. Newman at Innosoft in June 1999. |
| SECURID | Magnus Nystrom <magnus@rsasecurity.com> | RFC2808. For more information, see “The SecurID(r) SASL Mechanism” by M. Nystrom in April 2000. |
| NTLM | Paul Leach <paulle@microsoft.com> | Leach |
| NMAS_LOGIN | Mark G. Gayman <mgayman@novell.com> | Gayman |
| NMAS_AUTHEN | Mark G. Gayman <mgayman@novell.com> | Gayman |
| DIGEST-MD5 | IESG <iesg@ietf.org> | RFC2831. For more information, see “Using Digest Authentication as a SASL Mechanism” by P. Leach and C. Newman in May 2000. |
| 9798-U-RSA-SHA1-ENC | robert.zuccherato@entrust.com | RFC3163. For more information, see “ISO/IEC 9798-3 Authentication SASL Mechanism” by R. Zuccherato and M. Nystrom in August 2001. |
| 9798-M-RSA-SHA1-ENC | robert.zuccherato@entrust.com | RFC3163 |
| 9798-U-DSA-SHA1 | robert.zuccherato@entrust.com | RFC3163 |
| 9798-M-DSA-SHA1 | robert.zuccherato@entrust.com | RFC3163 |
| 9798-U-ECDSA-SHA1 | robert.zuccherato@entrust.com | RFC3163 |
| 9798-M-ECDSA-SHA1 | robert.zuccherato@entrust.com | RFC3163 |