Read Me First

This document offers a general overview of the Cyrus SASL library. The Cyrus SASL Libray provides applications with an implementation of the Simple Authentication and Security Layer (RFC2222), and several authentication mechanisms. Users interested in the "big picture" of what is provided by the library should read about Cyrus SASL Components.


The following mechanisms are included in this distribution: The library also supports storing user secrets in either a hash database (e.g. Berkeley DB, gdbm, ndbm), LDAP, or in a SQL database (MySQL, Postgres). Additionally, mechanisms such as PLAIN and LOGIN (where the plaintext password is directly supplied by the client) can perform direct password verification via the saslauthd daemon. This allows the use of LDAP, PAM, and a variety of other password verification routines. The sample directory contains two programs which provide a reference for using the library, as well as making it easy to test a mechanism on the command line. See programming.html for more information.

This library is believed to be thread safe IF:


First, if you are upgrading from Cyrus SASLv1, please see upgrading.html.

Please see the file install.html for instructions on how to install this package.

Note that the library can use the environment variable SASL_PATH to locate the directory where the mechanisms are; this should be a colon-separated list of directories containing plugins. Otherwise it will default to the value of --with-plugindir as supplied to configure (which itself defaults to /usr/local/lib).


Please read macosx.html


Please read windows.html. This configuration has not been extensively tested.


There are two main ways to configure the SASL library for a given application. The first (and typically easiest) is to make use of the application's configuration files. Provided the application supports it (via the SASL_CB_GETOPT callback), please refer to that documetation for how to supply SASL options.

Alternatively, Cyrus SASL looks for configuration files in /usr/lib/sasl/Appname.conf where Appname is settable by the application (for example, Sendmail 8.10 and later set this to "Sendmail").

Configuration using the application's configuration files (via the getopt callback) will override those supplied by the SASL configuration files.

For a detailed guide on configuring libsasl, please look at sysadmin.html and options.html



For any comments/suggestions/bug reports, please contact Be sure to include the version of libsasl and your operating system; messages without this information will not be answered.

Major contributors to the libsasl code can be found in the top-level file AUTHORS. Additionally saslauthd has an AUTHORS file that lists major contributors as well.

People considering doing binary distributions that include saslauthd should be aware that the code is covered by several slightly different (but compatible) licenses, due to how it was contributed. Details can be found within the source code.

Back to the index