The idea of SASL is to let clients and servers negotiate the mechanism used to authenticate a user. The original SASL was described in RFC 2222, which was later obsoleted by RFC 4422. Read the introduction section for an overview:
SASL can also be used to negotiate an encrypted security layer; however, this has nothing to do with HTTPS, LDAPS or TLS! The security layer becomes active only ***AFTER*** authentication has happened, so it does not protect the authentication exchange itself.
SASL mechanisms are named by strings, and the mechanism names are registered with the IANA. The current list is available here:
sasl2-bin installs a number of command-line utilities and also pulls in dependencies such as
libsasl2-modules, which provides the most common SASL mechanisms: LOGIN, PLAIN, ANONYMOUS, CRAM-MD5 and DIGEST-MD5.
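An added example (not from the original page) of why it matters that the security layer only starts after authentication: it builds the client messages for two of the mechanisms listed above, PLAIN (RFC 4616) and CRAM-MD5 (RFC 2195), and shows what can be read from each on an unencrypted connection. The user name, password and challenge are constructed sample values.

```python
import base64
import hashlib
import hmac

def plain_initial_response(authcid, password, authzid=""):
    """RFC 4616 PLAIN: base64(authzid NUL authcid NUL password)."""
    raw = b"\0".join(s.encode("utf-8") for s in (authzid, authcid, password))
    return base64.b64encode(raw).decode("ascii")

def decode_plain(b64_response):
    """What anyone who can read the connection recovers from a PLAIN response."""
    authzid, authcid, password = base64.b64decode(b64_response).split(b"\0")
    return authzid.decode(), authcid.decode(), password.decode()

def cram_md5_response(username, password, b64_challenge):
    """RFC 2195 CRAM-MD5: base64(username SP hex(HMAC-MD5(password, challenge)))."""
    challenge = base64.b64decode(b64_challenge)
    digest = hmac.new(password.encode("utf-8"), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{username} {digest}".encode("utf-8")).decode("ascii")

def verify_cram_md5(b64_response, b64_challenge, stored_password):
    """Server side: recompute the digest, so the server must hold the shared secret."""
    username, _, digest = base64.b64decode(b64_response).decode().rpartition(" ")
    expected = hmac.new(stored_password.encode("utf-8"),
                        base64.b64decode(b64_challenge), hashlib.md5).hexdigest()
    return username, hmac.compare_digest(digest, expected)

if __name__ == "__main__":
    # Constructed sample values, not taken from any real system.
    user, secret = "alice", "correct horse"
    challenge = base64.b64encode(b"<1896.697170952@mail.example.org>").decode()

    plain = plain_initial_response(user, secret)
    print("PLAIN on the wire:   ", plain)
    print("decoded by observer: ", decode_plain(plain))

    cram = cram_md5_response(user, secret, challenge)
    print("CRAM-MD5 on the wire:", cram)
    print("decoded by observer: ", base64.b64decode(cram).decode())
    print("server verification: ", verify_cram_md5(cram, challenge, secret))
```

PLAIN is only base64-encoded, so it depends on TLS underneath to keep the password confidential. CRAM-MD5 keeps the password off the wire, but the server has to hold the password or an equivalent secret to recompute the HMAC.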
The SASL user database is stored in
This database is used by some (but not all!) SASL mechanisms.
To create a new user:
saslpasswd2 -c <username>
To list the database (including realms):