Read Me First
This document offers a general overview of the Cyrus SASL library.
The Cyrus SASL Libray provides applications with an implementation
of the Simple Authentication and Security Layer (RFC2222), and
several authentication mechanisms.  Users interested in the "big picture"
of what is provided by the library should read about
components.htmlCyrus SASL Components .
FEATURES
The following 
mechanisms.htmlmechanisms  are included in
this distribution:
ANONYMOUS
CRAM-MD5
DIGEST-MD5
EXTERNAL
GSSAPI (MIT Kerberos 5, Heimdal Kerberos 5 or CyberSafe)
KERBEROS_V4
LOGIN
NTLM (requires OpenSSL libcrypto)
OTP (requires OpenSSL libcrypto)
PLAIN
SRP (work in progress; requires OpenSSL libcrypto)
The library also supports storing user secrets in either a hash
database (e.g. Berkeley DB, gdbm, ndbm), LDAP, or in a SQL database 
(MySQL, Postgres).
Additionally, mechanisms such as PLAIN and LOGIN
(where the plaintext password is directly supplied by the client)
can perform direct password verification via the saslauthd daemon.  This
allows the use of LDAP, PAM, and a variety of other password verification
routines.
The sample directory contains two programs which provide a reference
for using the library, as well as making it easy to test a mechanism
on the command line.  See 
programming.htmlprogramming.html  for more information.This library is believed to be thread safe IF:
you supply mutex functions (see sasl_set_mutex())
you make no libsasl calls until sasl_client/server_init() completes
no libsasl calls are made after sasl_done() is begun
when using GSSAPI, you use a thread-safe GSS / Kerberos 5 library.
TYPICAL UNIX INSTALLATION
First, if you are upgrading from Cyrus SASLv1, please see 
upgrading.htmlupgrading.html .Please see the file 
install.htmlinstall.html  for instructions
on how to install this package.
Note that the library can use the environment variable SASL_PATH to locate the
directory where the mechanisms are; this should be a colon-separated
list of directories containing plugins.  Otherwise it will default to the
value of 
--with-plugindir as supplied to configure (which
itself defaults to 
/usr/local/lib).
INSTALLATION ON MAC OS X
Please read 
macosx.htmlmacosx.html INSTALLATION ON WINDOWS
Please read 
windows.htmlwindows.html .  This configuration
has not been extensively tested.
CONFIGURATION
There are two main ways to configure the SASL library for a given
application.  The first (and typically easiest) is to make use
of the application's configuration files.  Provided the application supports it
(via the 
SASL_CB_GETOPT callback), please refer to that documetation
for how to supply 
options.htmlSASL options .Alternatively, Cyrus SASL looks for configuration files in
/usr/lib/sasl/Appname.conf where Appname is settable by the
application (for example, Sendmail 8.10 and later set this to
"Sendmail").
Configuration using the application's configuration files (via
the 
getopt callback) will override those supplied by
the SASL configuration files.
For a detailed guide on configuring libsasl, please look at
sysadmin.htmlsysadmin.html  and
options.htmloptions.html KNOWN BUGS
libtool doesn't always link libraries together.  In our environment,
we only have static Krb5 libraries; the GSSAPI plugin should link
these libraries in on platforms that support it (Solaris and Linux
among them) but it does not.  It also doesn't always get the runpath
of libraries correct.
Also see our http://bugzilla.andrew.cmu.edubugzilla .
AUTHORS
For any comments/suggestions/bug reports, please contact 
mailto:cyrus-bugs@andrew.cmu.educyrus-bugs@andrew.cmu.edu .
Be sure to include the version of libsasl and your operating system;
messages without this information will not be answered.
Major contributors to the libsasl code can be found in the top-level
file AUTHORS.  Additionally saslauthd has an AUTHORS file that lists
major contributors as well.
People considering doing binary distributions that include saslauthd
should be aware that the code is covered by several slightly different
(but compatible) licenses, due to how it was contributed.  Details can
be found within the source code.
Back to the 
index.htmlindex 