SASL Mechanism Properties/Features
This table shows what security flags and features are supported by each
of the mechanisms provided by the Cyrus SASL Library.
MAXSSFSECURITY PROPERTIESFEATURESNOPLAINNOACTIVENODICTFORWARDNOANONCREDMUTUALCLT FIRSTSRV FIRSTSRV LASTPROXYANONYMOUS 0 X X CRAM-MD5 0 X X X DIGEST-MD5 128 X X X reauth initial auth X X EXTERNAL 0 X X X X X GSSAPI 56 X X X X X X KERBEROS_V4 56 X X X X X X LOGIN 0 X X NTLM 0 X X X OTP 0 X X X X X PLAIN 0 X X X SRP 128 X X X X X X X X X Understanding this table:
MAX SSF - The maximum Security Strength Factor supported
by the mechanism (roughly the number of bits of encryption provided, but may
have other meanings, for example an SSF of 1 indicates integrity protection
only, no encryption).
NOPLAIN - Mechanism is not susceptable to simple passive
(eavesdropping) attack.
NOACTIVE - Protection from active (non-dictionary) attacks
during authentication exchange.  (Implies 
MUTUAL).NODICT - Not susceptable to passive dictionary attack.NOFORWARD - Breaking one session won't help break the next.NOANON - Don't permit anonymous logins.CRED - Mechanism can pass client credentials.MUTUAL - Supports mutual authentication (authenticates the server
to the client)
CLTFIRST - The client should send first in this mechanism.SRVFIRST - The server must send first in this mechanism.SRVLAST - This mechanism supports server-send-last configurations.PROXY - This mechanism supports proxy authentication.