The Cyrus SASL (Simple Authentication and Security Layer)

SASL is the Simple Authentication and Security Layer, a method
for adding authentication support to connection-based protocols.
To use SASL, a protocol includes a command for identifying and
authenticating a user to a server and for optionally negotiating
protection of subsequent protocol interactions. If its use is
negotiated, a security layer is inserted between the protocol
and the connection.

FEATURES
--------
The following mechanisms are included in this distribution:
ANONYMOUS
CRAM-MD5
DIGEST-MD5
GSSAPI (MIT Kerberos 5 or Heimdal Kerberos 5)
KERBEROS_V4
PLAIN

The library can use a Berkeley DB, gdbm or ndbm file on the server
side to store per-user authentication secrets.  The utility saslpasswd
has been included for adding authentication secrets to the file.

PLAIN can either check /etc/passwd, Kerberos V4, use PAM, or the sasl
secrets database.  By default PAM is used if PAM is found, then
Kerberos, finally /etc/passwd (non-shadow).  This is tweakable in the
configuration file.  Please see
"${PREFIX}/share/doc/sasl/sysadmin.html".

The sample directory contains two programs which provide a reference
for using the library, as well as making it easy to test a mechanism
on the command line.  See "${PREFIX}/share/doc/sasl/programming.html"
for more information.

WWW: http://asg.web.cmu.edu/sasl/