GNU SASL Library - Libgsasl

 [image of the Head of a GNU]

Table of Contents


GNU SASL is an implementation of the Simple Authentication and Security Layer framework and a few common SASL mechanisms. SASL is used by network servers (e.g., IMAP, SMTP) to request authentication from clients, and in clients to authenticate against servers.

GNU SASL consists of a library (`libgsasl'), a command line utility (`gsasl') to access the library from the shell, and a manual. The library includes support for the SASL framework (with authentication functions and application data privacy and integrity functions) and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, NTLM and KERBEROS_V5 mechanisms.

The library is portable because it does not do network communication by itself, but rather leaves it up to the calling application. The library is flexible with regards to the authorization infrastructure used, as it utilizes callbacks into the application to decide whether an user is authorized or not.

GNU SASL is written in pure ANSI C89 to be portable to embedded and otherwise limited platforms. The entire library, with full support for ANONYMOUS, EXTERNAL, PLAIN, LOGIN and CRAM-MD5, and the front-end that support client and server mode, and the IMAP and SMTP protocols, fits in under 60kb on an Intel x86 platform, without any modifications to the code.

GNU SASL is developed for the GNU/Linux system, but runs on over 20 platforms including most major Unix platforms and Windows, and many kind of devices including iPAQ handhelds and S/390 mainframes.

For more information:

The core GNU SASL library, and most mechanisms, are licensed under the GNU Lesser General Public License. It is distributed separately, as the "libgsasl" package. The GNU SASL command line application, self test suite and more are licensed under the GNU General Public License. The "gsasl" package distribution includes the library part as well, so you do not need to install two packages.


Clean room implementation
This means the copyright and license conditions are clear.
It handles non-ASCII username and passwords by using SASLprep. User visible strings used in the library (error messages) can be translated into the users' language.
Thread safe library
This library uses no global state and multiple concurrent SASL sessions are possibly (e.g. in a multithreaded server).
It should work on all Unix like operating systems, including Windows. The library itself should be portable to any C89 system, not even POSIX is required.

Documentation and Status

Refer to the GNU SASL Manual web page for links to the manual in all formats; however, quick links to the most popular formats:

Currently the ANONYMOUS, EXTERNAL, PLAIN, LOGIN, SECURID, and CRAM-MD5 mechanisms are fully implemented in both client and server mode. The NTLM mechanism is implemented in client mode only. DIGEST-MD5 and GSSAPI are implemented in client and server mode, but not all features are supported (e.g., no security layers nor fast resumption).

The library has received very little real-world testing and should be considered alpha quality.

Projects using GNU SASL include:

Let us know about more projects that use GNU SASL!


A mailing list where GNU SASL users may help each other exists, and you can reach it by sending e-mail to Archives of the mailing list discussions, and an interface to manage subscriptions, is available through the World Wide Web at

If you are interested in paid support of GNU SASL, or sponsor the development, please contact me. If you provide paid services for GNU SASL, and would like to be mentioned here, also contact me.

If you find GNU SASL useful, please consider making a donation. No amount is too small!


Information on what is new in the package itself can be found in the NEWS file (live CVS version).


The releases are distributed from and

All official releases are signed with an OpenPGP key with fingerprint 0xB565716F.


GNU SASL is developed in CVS on a private machine. At irregular intervals, it is synchronized against a publicly available machine (just press enter at the password prompt):

$ cvs -d login
Logging in to
CVS password:
$ cvs -d co gsasl

See the file README-alpha on how to bootstrap and build the package from CVS.

If you only wish to extract the code covered by LGPL, do as follows:

$ cvs -d co gsasl/lib

This package is simpler to bootstrap, as it only includes a library and no manual or programs, but see lib/README-alpha for the full story.

The online CVS repository is available, and there is also some CVS statistics.

A log of recent CVS activity is also available. If you prefer a mailing list, notifications of each CVS change is also sent to

If you have trouble using CVS, you may download a daily snapshot. The snapshots are prepared similar to regular releases, i.e., you simply build them using ./configure && make.

Before each release, the package is built on many platforms. The latest results from the autobuilder are available online.


You need at least a shell, a C compiler and a Make tool to build GNU SASL.

GNU SASL will enable certain features if you have the following optional external libraries installed:


Report all problems to, but please read the manual on how to report bugs first.

Return to GNU's home page.

Please send FSF & GNU inquiries & questions to There are also other ways to contact the FSF.

Please send comments on these web pages to, send other questions to

Copyright © 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA

Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.

Updated: $Date: 2006/11/24 08:37:28 $ $Author: ramprasadb $