GNU SASL is an implementation of the Simple Authentication and Security Layer framework and a few common SASL mechanisms. SASL is used by network servers (e.g., IMAP, SMTP) to request authentication from clients, and in clients to authenticate against servers.

GNU SASL consists of a library (`libgsasl'), a command line utility (`gsasl') to access the library from the shell, and a manual. The library includes support for the framework (with authentication functions and application data privacy and integrity functions) and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, NTLM mechanisms.

The library is easily ported because it does not do network communication by itself, but rather leaves it up to the calling application. The library is flexible with regards to the authorization infrastructure used, as it utilizes callbacks into the application to decide whether a user is authorized or not. GNU SASL has been ported to many Unix flavors.

GNU SASL is developed for the GNU/Linux system, but runs on over 20 platforms including most major Unix platforms and Windows, and many kind of devices including iPAQ handhelds and S/390 mainframes.

The GNU SASL library is licensed under the GNU Lesser General Public License (LGPL). The command-line application and test suite (src/, and tests/) are licensed under the GNU General Public License license (see COPYING), and the documentation (doc/) is licensed under the GNU Free Documentation License.

A conceptual view of how your application, the library, and each mechanism interact is shown in Figure 1, “Illustration of separation between application and individual mechanism”.

The operation of an application using the library can best be understood in terms of a flow chart diagram, as shown in Figure 2, “High-level control flow of SASL application”. The details on how the actual negotiation are carried out are illustrated in Figure 3, “Low-level control flow of SASL application”.