SASL Mechanisms
A SASL mechanism implements a series of challenges and responses. Defined SASL mechanisms include:
- "EXTERNAL", where authentication is implicit in the context (e.g., for protocols already using IPsec or TLS)
- "ANONYMOUS", for unauthenticated guest access
- "PLAIN", a simple cleartext password mechanism.
- "OTP", a one-time password mechanism. OTP obsoleted the SKEY Mechanism.
- "SKEY", an S/KEY mechanism.
- "CRAM-MD5", a simple challenge-response scheme based on HMAC-MD5.
- "DIGEST-MD5", HTTP Digest compatible challenge-response scheme based upon MD5. DIGEST-MD5 offers a data security layer.
- "SCRAM", modern challenge-response scheme based mechanism with channel binding support
- "NTLM", an NT LAN Manager authentication mechanism
- "GSSAPI", for Kerberos V5 authentication via the GSSAPI. GSSAPI offers a data-security layer.
- GateKeeper (& GateKeeperPassport), a challenge-response mechanism developed by Microsoft for MSN Chat
The GS2 family of mechanisms supports arbitrary GSS-API mechanisms in SASL. It is now standardized as RFC 5801.
Read more about this topic: Simple Authentication And Security Layer