GNU SASL README -- Important introductory notes.
Copyright (C) 2002, 2003 Simon Josefsson
See the end for copying conditions.

This directory holds GNU SASL which is an implementation of the Simple
Authentication and Security Layer (SASL).  See ANNOUNCE for an
overview, and doc/gsasl.{info,ps,pdf} for the manual.

Currently there is some support for the following mechanisms:

  - CRAM-MD5 (RFC 2195, requires libgcrypt)
  - EXTERNAL (RFC 2222)
  - GSSAPI (RFC 2222, requires GSS, Heimdal or MIT Kerberos library)
  - ANONYMOUS (RFC 2245)
  - PLAIN (RFC 2595)
  - SECURID (RFC 2808)
  - DIGEST-MD5 (RFC 2831, requires libgcrypt)
  - LOGIN (non-standard)
  - NTLM (non-standard, client only, requires libntlm)
  - KERBEROS_V5 (experimental, requires shishi)

Things left to do are listed below.  If you would like to start working
on anything, please let me know so work duplication can be avoided.

  * Bug: If gsasl_decode is handed a string longer than one SASL token,
    the remaining data will be discarded.  This means if the sender
    packed two SASL tokens in one network packet, only the first will be
    seen.  The best way to fix this, and at the same time also improve
    string handling (security), is probably to change the entire SASL
    step API.  Later: It occurred to me that the en/de-code functions
    can simply buffer the leftover data until the next invocation.
    Still, it would be nice to change the API to one that encapsulates
    string operations in a separate package (my safestring.*).
  + Authentication infrastructure implementing the callbacks for
    PAM, Kerberos, SQL, etc.  Separate project?  GNU Mailutils has
    some starting points for this, but the API is inflexible.
  + Provide standard callbacks for tty, GTK, gpg-agent etc.  Probably
    should be a separate library.
  + Hide explicit data array handling in a string API
  + Port applications to use libgsasl
  + More SASL mechanisms
  + Security layer improvements, including support for privacy
    separation (authenticate in one process, pass state to another).
  - Improve documentation
  - Port to Cyclone? CCured?
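
The buffering fix mentioned in the first item above, as an added sketch
that is not GNU SASL code: struct tokbuf, tokbuf_feed, tokbuf_next,
MAX_TOKEN and the demo are hypothetical names, and tokens are assumed to
carry the four-octet network-order length prefix that RFC 2222 uses for
security layer buffers.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_TOKEN 65536u /* assumed cap on one token's payload */
/* Hypothetical per-connection receive buffer; not a libgsasl type. */
struct tokbuf { unsigned char *data; size_t len; };

/* Append bytes read from the network.  Returns 0, or -1 on failure. */
int tokbuf_feed(struct tokbuf *b, const void *in, size_t n) {
    if (n == 0) return 0;
    if (n > SIZE_MAX - b->len) return -1;      /* size_t overflow guard */
    unsigned char *p = realloc(b->data, b->len + n);
    if (p == NULL) return -1;
    memcpy(p + b->len, in, n);
    b->data = p; b->len += n;
    return 0;
}

/* Pop one complete token into out (capacity cap).  Returns 1 and sets
   *outlen, 0 if more input is needed, -1 if the length is unacceptable. */
int tokbuf_next(struct tokbuf *b, unsigned char *out, size_t cap, size_t *outlen) {
    if (b->len < 4) return 0;                  /* length prefix incomplete */
    uint32_t n = (uint32_t)b->data[0] << 24 | (uint32_t)b->data[1] << 16 |
                 (uint32_t)b->data[2] << 8 | (uint32_t)b->data[3];
    if (n > MAX_TOKEN || n > cap) return -1;   /* check before trusting it */
    if (b->len - 4 < n) return 0;              /* partial token: keep buffering */
    memcpy(out, b->data + 4, n);
    b->len -= 4 + (size_t)n;
    memmove(b->data, b->data + 4 + n, b->len); /* leftover stays for next call */
    *outlen = n;
    return 1;
}

/* Constructed input: two tokens and half of a third in one packet. */
int demo_count_tokens(void) {
    static const unsigned char pkt1[] = "\0\0\0\3abc\0\0\0\2de\0\0\0\4fg";
    static const unsigned char pkt2[] = "hi";  /* rest of the third token */
    struct tokbuf b = { NULL, 0 };
    unsigned char tok[16]; size_t n; int seen = 0;
    if (tokbuf_feed(&b, pkt1, sizeof pkt1 - 1) != 0) { free(b.data); return -1; }
    while (tokbuf_next(&b, tok, sizeof tok, &n) == 1) seen++;
    if (tokbuf_feed(&b, pkt2, sizeof pkt2 - 1) != 0) { free(b.data); return -1; }
    while (tokbuf_next(&b, tok, sizeof tok, &n) == 1) seen++;
    free(b.data);
    return seen;
}

int main(void) { printf("tokens: %d\n", demo_count_tokens()); return 0; }
```

A decoder that stops after the first token would report one token for
the first packet; here the second token and the split third one are
both recovered.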

The GNU SASL library, command-line application and test suite (lib/,
src/, and tests/) are licensed under the GNU Public License
(see COPYING), and the documentation (doc/) is licensed under the GNU
Free Documentation License (see COPYING.DOC).  The remaining
sub-directories (gl/) are distributed here for convenience and have
their own respective licenses; they are not part of GNU SASL proper.

For updates to the project, see <http://www.gnu.org/software/gsasl/>.

----------------------------------------------------------------------
Copying and distribution of this file, with or without modification,
are permitted in any medium without royalty provided the copyright
notice and this notice are preserved.
