Main copy is located here. It may contain newer information.

Base SASL documents

Document Reference
SASL draft-ietf-sasl-rfc2222bis A. Melnikov <Alexey.Melnikov at>
SASLprep (Unicode username/password preparation for SASL) draft-ietf-sasl-saslprep Kurt D. Zeilenga <Kurt at>
C draft-newman-sasl-c-api Chris Newman <chris.newman at>

A. Melnikov <Alexey.Melnikov at>

SASL mechanisms

SASL mechanism name
Document Reference
ANONYMOUS Anonymous SASL Mechanism RFC 2245 Chris Newman <chris.newman at>
Updated by draft-ietf-sasl-anon Kurt D. Zeilenga <Kurt at>
PLAIN Plain login mechanism (single step) RFC 2595 Chris Newman <chris.newman at>
Updated by draft-ietf-sasl-plain Kurt D. Zeilenga <Kurt at>
LOGIN Plain login mechanism (two step)
Kenneth Murchison <ken at>

Mark Crispin <MRC at CAC.Washington.EDU>

CRAM-MD5 Challenge-Response Authentication Mechanism RFC 2195 John C. Klensin <klensin at>,

Randy Catoe <randy at>,

Paul Krumviede <paul at>

    Updated by draft-ietf-sasl-crammd5 Lyndon Nerenberg <lyndon at>
OTP The One-Time-Password SASL Mechanism RFC 2444 Chris Newman <chris.newman at>
DIGEST-MD5 Digest Authentication as a SASL Mechanism RFC 2831 Paul Leach <paulle at>,

Chris Newman <chris.newman at>

Updated by draft-ietf-sasl-rfc2831bis Paul Leach <paulle at>,

Chris Newman <chris.newman at>

A. Melnikov <Alexey.Melnikov at>



SASL GSSAPI mechanisms:

GSSAPI is for Kerberos V5 GSSAPI

GSS-algorithm is for GSSAPI algorithm, other than Kerberos V5


Updates GSSAPI definition in RFC 2222

John G. Myers <jgmyers at>
KERBEROS_V4 Kerberos V4 RFC 2222 John G. Myers <jgmyers at>
SKEY S/KEY (defined in RFC 1760) One-Time-Password SASL that uses MD4 digest algorithm. 

Obsoleted by OTP

RFC 2222 John G. Myers <jgmyers at>
EXTERNAL Mechanism that verifies TLS/SSL, IPSec, PPP, ...) RFC 2222 John G. Myers <jgmyers at>
Revision in draft-ietf-sasl-rfc2222bis A. Melnikov <Alexey.Melnikov at>
SECURID The SecurID(r) SASL Mechanism RFC 2808 Magnus Nystrom <magnus at>,

John Brainard <jbrainard at>

Secure Remote Password SASL Mechanism
draft-burdis-cat-srp-sasl K.R. Burdis <cskb at>,

R. Naffah <raif at>



ISO/IEC 9798-3 Authentication SASL Mechanism.
  • "9798-U-<algorithm>" for unilateral client authentication.
  • "9798-M-<algorithm>" for mutual authentication.
Currently defined <algorithm>s:
  • DSA-SHA1
RFC 3163 Robert Zuccherato <robert.zuccherato at>

Magnus Nystrom <magnus at>

  Undocumented or expired documents    
NTLM Proprietary Microsoft authentication mechanism   Registered by Paul Leach <paulle at>
NMAS_LOGIN, NMAS_AUTHEN ?   Registered by Mark G. Gayman <mgayman at>
PASSDSS-3DES-1 DSS Secured Password Authentication Mechanism draft-newman-sasl-passdss-01.txt Chris Newman <chris.newman at>
SCRAM-MD5 Salted Challenge Response Authentication Mechanism (SCRAM) draft-newman-auth-scram-03.txt Chris Newman <chris.newman at>



X.509 Authentication SASL Mechanisms:
  • "X509-C-<algorithm>" for client authentication only  
  • "X509-S-<algorithm>" for server authentication only  
  • "X509-B-<algorithm>" for client and server authentication. In this case client authentication is done prior to server authentication. 
draft-ietf-ldapext-x509-sasl Steve Kille <Steve.Kille at>
ROAMING-ELGAMAL ROAMING-ELGAMAL SASL Authentication Mechanism draft-overell-roaming-elgamal-sasl-00.txt P. Overell <paulo at>
SM2-<SASL-mechanism-name> SM2 -- A Session Management Capable SASL Mechanism draft-naffah-cat-sasl-sm2 David Taylor <dtaylor at>

Raif S. Naffah <raif at>


SASL profiles
Document Reference
SMTP RFC 2554 John G. Myers <jgmyers at>
Updated by draft-siemborski-rfc2554bis R. Siemborski <rjs3+ at>
POP3 RFC 1734 John G. Myers <jgmyers at>
Updated by draft-siemborski-rfc1734bis R. Siemborski <rjs3+ at>
IMAP4 RFC 2060
(see AUTHENTICATE command)
M. Crispin <MRC at CAC.Washington.EDU>
Also draft-siemborski-imap-sasl-initial-response R. Siemborski <rjs3+ at>
ACAP RFC 2244 Chris Newman <chris.newman at>,
John G. Myers <jgmyers at>
BEEP RFC 3080 Marshall T. Rose <mrose at>
XMPP draft-ietf-xmpp-core Peter Saint-Andre<stpeter at>
LDAP LDAPv3 (RFC 2251) Mark Wahl <M.Wahl at>,
Tim Howes 
<howes at>,
Steve Kille  <Steve.Kille at>
Authentication Methods for LDAP (RFC 2829) M. Wahl <M.Wahl at>
H. Alvestrand <Harald at>
J. Hodges <JHodges at>
R. Morgan <rlmorgan at>
Updated by LDAP: Authentication Methods and Connection Level Security Mechanisms R. Harrison <roger_harrison at>
NNTP Draft expired Chris Newman <chris.newman at>
Telnet Draft expired Chris Newman <chris.newman at>
HTTP draft-nystrom-http-sasl    Magnus Nystrom <magnus at>

   Alexey Melnikov <mel at>



Document Reference
C draft-newman-sasl-c-api Chris Newman <chris.newman at>

A. Melnikov <Alexey.Melnikov at>

Java draft-weltman-java-sasl John Myers <jgmyers at>

Rob Weltman <rweltman at>

Please, don't send general questions like "What is SASL?" to authors of SASL mechanism documents.
They are busy people.

If you want to add/update information, send the author an email

Table of contents for IETF standard related pages

List composed by Alexey Melnikov. Feel free to send him updates/additions/comments to this list.
Information published on this page is for developers use only. It is prohibited to use this information for commercial purposes.
There is no guaranty that information on this page is accurate and/or up-to-date.

Last updated 09 May 2004

Thank you to Claus Assmann <ca at> for hosting my technical pages

Thank you to all people who sent me updates