This is the Cyrus SASL API implentation. It can be used on the client
or server side to provide authentication. See RFC 2222 for more
information.

The following mechanisms are included in this distribution:
ANONYMOUS
CRAM-MD5
KERBEROS_V4
PLAIN
SCRAM-MD5 (deprecated)
GSSAPI (MIT Kerberos 5 or Heimdal Kerberos 5)
DIGEST-MD5 (beta)

In order to get rc4 encryption under digest-md5, you'll need an
implementation of rc4.  This might be export controlled (which is why
it's a seperate package); if you think you have an export license,
know that don't need one, or aren't planning to export it, it's
available under <http://andrew2.andrew.cmu.edu/dist/>.

The library uses the enviornment variable SASL_PATH to locate the
directory where the mechanisms are; this should be a colon-seperated
list of directories containing plugins.

The library uses a gdbm or ndbm file on the server side to store
per-user authentication secrets (except for the PLAIN mechanism, which
tries to use crypt with /etc/passwd and /etc/shadow, if
available).  The utility saslpassed has been included for adding
authentication secrets to the file.

The sample directory contains two programs which provide a reference
for using the library, as well as making it easy to test a mechanism
on the command line.

We use a slightly unusual version of libtool--this one (libtool-1.2f)
includes inter-library dependancies when linking dynamic libraries.
Hopefully, this will be released to the rest of the world sometime
soon; as is, it works for us...

Known Bugs: SCRAM-MD5 is no longer being maintained, and probably
needs some work in order to be useable.  DIGEST-MD5 is still unstable.
The interfaces for setting local and remote IP addresses will likely
change at some point in the future.

Comments/Suggestions:

Rob Earhart (rob@andrew.cmu.edu)
Tim Martin (tmartin@andrew.cmu.edu)


References:

[ANONYMOUS] Newman, C., "Anonymous SASL Mechanism", RFC 2245, November
1997.

[CRAM-MD5] Klensin, Catoe, Krumviede, "IMAP/POP AUTHorize Extension
for Simple Challenge/Response", RFC 2195, September 1997.

[KEYED-MD5] Krawczyk, Bellare, Canetti, "HMAC: Keyed-Hashing for Message
Authentication", RFC 2104, February 1997. 

[PLAIN] Newman, C., "Using TLS with IMAP4, POP3 and ACAP",
draft-newman-tls-imappop-xx.txt, Work in progress.

[SASL] Myers, J., "Simple Authentication and Security Layer (SASL)",
RFC 2222, October 1997.

[SCRAM-MD5] Newman, C., "Salted Challenge Response Authentication
Mechanism", draft-newman-auth-scram-xx.txt, Work in progress.
