Simple Authentication and Security Layer for Developers

This feature is new in the Solaris Express 12/03 release.

Simple Authentication and Security Layer (SASL) provides developers of applications and shared libraries with interfaces for adding authentication, data integrity checking, and encryption to connection-based protocols.

SASL consists of the following items:

• Library, libsasl, which provides an API for applications that need authentication, privacy, and integrity services

• Service provider interface (SPI) for third-party plug-ins to add new authentication methods, name canonicalization rules, and property stores

• Header files for development

• Plug-ins that are supplied by Sun for these mechanisms:

  • EXTERNAL

  • PLAIN

  • CRAM-MD5

  • DIGEST-MD5

  • GSS-API

  • GSS-SPNEGO

SASL enables the developer to write to a generic API without having to be concerned about the details of security mechanisms. When developed to use SASL appropriately, servers and clients can use new security mechanisms, naming and user canonicalization plug-ins, and auxprop plug-ins without recompilation.

SASL is described in RFC 2222. SASL is particularly appropriate for applications that use the following protocols that support SASL:

• IMAP

• SMTP

• ACAP

• LDAP

For more information about SASL, see the libsasl(3LIB) man page. See also the Solaris Security for Developers Guide.