What is authentication using SASL?

What is the difference between SSL and SASL?

If an email server is using a SASL to authenticate a user, ?

In that case, what exactly is a SASL-capable email server? For example: if I connect to and it sends me my username and password in clear text, and then does an authentication against LDAP or Active Directory or whatever, that is a SASL capable mail server. Or am I not understanding this correctly? The term SSL is actually used for much more than just encryption. For example the use of SSL has become a de facto standard in email security and also a common protocol for securing Web browsers and other network access to other machines. Also, SSL is the name of a family of protocols and standards. You can use them to send secure (encrypted) communication, and they do encrypt communications between your browser and the server but there are many different types of encryption schemes and not all of them are necessarily secure. So while one type of encryption is known as "SSL" it can be any of the dozens of encryption protocols in this family. In fact that's probably one reason SSL became such a common and de facto standard - there are so many that the name has become used to describe multiple unrelated systems.

SASL is something a bit different. It stands for simple authentication and security layer and it is also the name of a particular authentication mechanism used with a mail server. For email you typically connect to a mail server over an encrypted channel but if you want to connect as a client you can't assume that will happen and you need to instead use a protocol like SASL which you can see more about on Wikipedia here and here.

That said, even if you've configured your email client and web browser to use SASL your connection may not be secure because if your web browser is set up to request a page over an SSL connection it will automatically use TLS which adds a layer of security but also adds overhead for your connection. So SASL is probably better and provides better security in a more efficient fashion. However, I'd recommend that you use the web browser SSL connection if available.

What is the security protocol SASL mechanism?

SASL/EXTERNAL auth is based on the username of the logged in user.

So if your username is the same on two applications and you do not have any other credentials, SASL/EXTERNAL will work fine for you.

If you have a different set of credentials (such as user id, password) than the username set up for the server, SASL/DIGEST-MD5-sasl will not work. In other words, the application username you use for signing in should be the same as the account username used by the server in the Authentication process. If you use the HTTP client in PHP, SASL/EXTERNAL is supported out of the box. If you use any other method for the HTTP client (CURL, AFNetworking, etc), SASL/EXTERNAL will need to be enabled. You can do that by opening a file named /etc/php5/apache2/conf.d/sasl.ini.e. Add a new line:

Saslenable = yes. To that file. After doing so, open the apache2 config file and make sure that the sasl directive matches what is listed above. Then restart apache. Note that you may also need to restart php-cli.

You will then be able to use SASL/EXTERNAL for authentication. If you need to sign in on both sides (for example, to get started on a new project where you are unable to create a new user on the server), it is recommended that you use SASL/EXTERNAL and SASL/DIGEST-MD5-sasl as they are more secure, but if your username and password is the same on both sides, you should be fine with SASL/EXTERNAL.

How to log into a web server via command line? How to install a new application on a website? How to install and configure a new application on a website? How to move the website from one web hosting account to another? What if I want to change the website? I need to change the website language. How to do that? What are the best methods to backup a website? How can I make changes to the HTML code of my website (via FTP)?

Related Answers

Is SASL the same as SSL?

Active Directory (AD) is Microsoft's server and client solution. It is in...

What does SASL mean?

SASL stands for Simple Authentication and Security Layer. It's...

What is the authentication protocol of SASL?

A SASL authentication is any form of authentication which is perform...