Read Me First

This document offers a general overview of the SASL library.


The following mechanisms are included in this distribution: The library uses a Berkeley DB, gdbm or ndbm file on the server side to store per-user authentication secrets. The utility saslpasswd has been included for adding authentication secrets to the file.

PLAIN uses the saslauthd (preferred and now standard), the pwcheck daemon (obsolete), or an auxilliary property plugin (for example, sasldb).

The sample directory contains two programs which provide a reference for using the library, as well as making it easy to test a mechanism on the command line. See programming.html for more information.

This library is believed to be thread safe IF:


If you are upgrading from libsasl v1, please see upgrading.html.

Please see the file install.html to install this package. We hope it to be relatively straightforward; if you try it on systems that we haven't, please contact us with your experiences.

The library uses the environment variable SASL_PATH to locate the directory where the mechanisms are; this should be a colon-separated list of directories containing plugins.


Please read macosx.html


By default, libsasl looks for configuration files in /usr/lib/sasl/Appname.conf where Appname is settable by the application (for example, Sendmail 8.10 and later set this to "Sendmail"). Applications can also override this default configuration mechanism.

For a detailed guide on configuring libsasl, please look at sysadmin.html and options.html


UPGRADING from Cyrus SASL v1

See upgrading.html.


For any comments/suggestions/bug reports, please contact Be sure to include the version of libsasl and your operating system; messages without this information will not be answered.

Major contributors to the libsasl code can be found in the top-level file AUTHORS.

Back to the index