1<!-- $Id: mechanisms.html,v 1.8 2008/10/31 15:18:46 murch Exp $ --> 2<HTML> 3<HEAD> 4<TITLE>SASL Mechanism Properties/Features</TITLE> 5</HEAD> 6<BODY> 7<h2>SASL Mechanism Properties/Features</h2> 8 9This table shows what security flags and features are supported by each 10of the mechanisms provided by the Cyrus SASL Library.<p> 11 12<TABLE BORDER=1 CELLSPACING=1 CELLPADDING=2> 13 14<TR> 15<TH ROWSPAN=2><br></TH> 16<TH ROWSPAN=2>MAX<br>SSF</TH> 17<TH COLSPAN=7>SECURITY PROPERTIES</TH> 18<TH COLSPAN=4>FEATURES</TH> 19</TR> 20 21<TR> 22<TH><CENTER>NOPLAIN</CENTER></TH> 23<TH><CENTER>NOACTIVE</CENTER></TH> 24<TH><CENTER>NODICT</CENTER></TH> 25<TH><CENTER>FORWARD</CENTER></TH> 26<TH><CENTER>NOANON</CENTER></TH> 27<TH><CENTER>CRED</CENTER></TH> 28<TH><CENTER>MUTUAL</CENTER></TH> 29<TH><CENTER>CLT FIRST</CENTER></TH> 30<TH><CENTER>SRV FIRST</CENTER></TH> 31<TH><CENTER>SRV LAST</CENTER></TH> 32<TH><CENTER>PROXY</CENTER></TH> 33</TR> 34 35<TR> 36<TH>ANONYMOUS</TH> 37<TD><CENTER>0</CENTER></TD> 38<TD><CENTER>X</CENTER></TD> 39<TD><CENTER><br></CENTER></TD> 40<TD><CENTER><br></CENTER></TD> 41<TD><CENTER><br></CENTER></TD> 42<TD><CENTER><br></CENTER></TD> 43<TD><CENTER><br></CENTER></TD> 44<TD><CENTER><br></CENTER></TD> 45<TD><CENTER>X</CENTER></TD> 46<TD><CENTER><br></CENTER></TD> 47<TD><CENTER><br></CENTER></TD> 48<TD><CENTER><br></CENTER></TD> 49</TR> 50 51<TR> 52<TH>CRAM-MD5</TH> 53<TD><CENTER>0</CENTER></TD> 54<TD><CENTER>X</CENTER></TD> 55<TD><CENTER><br></CENTER></TD> 56<TD><CENTER><br></CENTER></TD> 57<TD><CENTER><br></CENTER></TD> 58<TD><CENTER>X</CENTER></TD> 59<TD><CENTER><br></CENTER></TD> 60<TD><CENTER><br></CENTER></TD> 61<TD><CENTER><br></CENTER></TD> 62<TD><CENTER>X</CENTER></TD> 63<TD><CENTER><br></CENTER></TD> 64<TD><CENTER><br></CENTER></TD> 65</TR> 66 67<TR> 68<TH>DIGEST-MD5</TH> 69<TD><CENTER>128</CENTER></TD> 70<TD><CENTER>X</CENTER></TD> 71<TD><CENTER><br></CENTER></TD> 72<TD><CENTER><br></CENTER></TD> 73<TD><CENTER><br></CENTER></TD> 74<TD><CENTER>X</CENTER></TD> 75<TD><CENTER><br></CENTER></TD> 76<TD><CENTER>X</CENTER></TD> 77<TD><CENTER>reauth</CENTER></TD> 78<TD><CENTER>initial auth</CENTER></TD> 79<TD><CENTER>X</CENTER></TD> 80<TD><CENTER>X</CENTER></TD> 81</TR> 82 83<TR> 84<TH>EXTERNAL</TH> 85<TD><CENTER>0</CENTER></TD> 86<TD><CENTER>X</CENTER></TD> 87<TD><CENTER><br></CENTER></TD> 88<TD><CENTER>X</CENTER></TD> 89<TD><CENTER><br></CENTER></TD> 90<TD><CENTER>X</CENTER></TD> 91<TD><CENTER><br></CENTER></TD> 92<TD><CENTER><br></CENTER></TD> 93<TD><CENTER>X</CENTER></TD> 94<TD><CENTER><br></CENTER></TD> 95<TD><CENTER><br></CENTER></TD> 96<TD><CENTER>X</CENTER></TD> 97</TR> 98 99<TR> 100<TH>GSSAPI</TH> 101<TD><CENTER>56</CENTER></TD> 102<TD><CENTER>X</CENTER></TD> 103<TD><CENTER>X</CENTER></TD> 104<TD><CENTER><br></CENTER></TD> 105<TD><CENTER><br></CENTER></TD> 106<TD><CENTER>X</CENTER></TD> 107<TD><CENTER><br></CENTER></TD> 108<TD><CENTER>X</CENTER></TD> 109<TD><CENTER>X</CENTER></TD> 110<TD><CENTER><br></CENTER></TD> 111<TD><CENTER><br></CENTER></TD> 112<TD><CENTER>X</CENTER></TD> 113</TR> 114 115<TR> 116<TH>KERBEROS_V4</TH> 117<TD><CENTER>56</CENTER></TD> 118<TD><CENTER>X</CENTER></TD> 119<TD><CENTER>X</CENTER></TD> 120<TD><CENTER><br></CENTER></TD> 121<TD><CENTER><br></CENTER></TD> 122<TD><CENTER>X</CENTER></TD> 123<TD><CENTER><br></CENTER></TD> 124<TD><CENTER>X</CENTER></TD> 125<TD><CENTER><br></CENTER></TD> 126<TD><CENTER>X</CENTER></TD> 127<TD><CENTER><br></CENTER></TD> 128<TD><CENTER>X</CENTER></TD> 129</TR> 130 131<TR> 132<TH>LOGIN</TH> 133<TD><CENTER>0</CENTER></TD> 134<TD><CENTER><br></CENTER></TD> 135<TD><CENTER><br></CENTER></TD> 136<TD><CENTER><br></CENTER></TD> 137<TD><CENTER><br></CENTER></TD> 138<TD><CENTER>X</CENTER></TD> 139<TD><CENTER>X</CENTER></TD> 140<TD><CENTER><br></CENTER></TD> 141<TD><CENTER><br></CENTER></TD> 142<TD><CENTER>X</CENTER></TD> 143<TD><CENTER><br></CENTER></TD> 144<TD><CENTER><br></CENTER></TD> 145</TR> 146 147<TR> 148<TH>NTLM</TH> 149<TD><CENTER>0</CENTER></TD> 150<TD><CENTER>X</CENTER></TD> 151<TD><CENTER><br></CENTER></TD> 152<TD><CENTER><br></CENTER></TD> 153<TD><CENTER><br></CENTER></TD> 154<TD><CENTER>X</CENTER></TD> 155<TD><CENTER><br></CENTER></TD> 156<TD><CENTER><br></CENTER></TD> 157<TD><CENTER>X</CENTER></TD> 158<TD><CENTER><br></CENTER></TD> 159<TD><CENTER><br></CENTER></TD> 160<TD><CENTER><br></CENTER></TD> 161</TR> 162 163<TR> 164<TH>OTP</TH> 165<TD><CENTER>0</CENTER></TD> 166<TD><CENTER>X</CENTER></TD> 167<TD><CENTER><br></CENTER></TD> 168<TD><CENTER><br></CENTER></TD> 169<TD><CENTER>X</CENTER></TD> 170<TD><CENTER>X</CENTER></TD> 171<TD><CENTER><br></CENTER></TD> 172<TD><CENTER><br></CENTER></TD> 173<TD><CENTER>X</CENTER></TD> 174<TD><CENTER><br></CENTER></TD> 175<TD><CENTER><br></CENTER></TD> 176<TD><CENTER>X</CENTER></TD> 177</TR> 178 179<TR> 180<TH>PASSDSS-3DES-1</TH> 181<TD><CENTER>112</CENTER></TD> 182<TD><CENTER>X</CENTER></TD> 183<TD><CENTER>X</CENTER></TD> 184<TD><CENTER>X</CENTER></TD> 185<TD><CENTER>X</CENTER></TD> 186<TD><CENTER>X</CENTER></TD> 187<TD><CENTER>X</CENTER></TD> 188<TD><CENTER>X</CENTER></TD> 189<TD><CENTER>X</CENTER></TD> 190<TD><CENTER><br></CENTER></TD> 191<TD><CENTER><br></CENTER></TD> 192<TD><CENTER>X</CENTER></TD> 193</TR> 194 195<TR> 196<TH>PLAIN</TH> 197<TD><CENTER>0</CENTER></TD> 198<TD><CENTER><br></CENTER></TD> 199<TD><CENTER><br></CENTER></TD> 200<TD><CENTER><br></CENTER></TD> 201<TD><CENTER><br></CENTER></TD> 202<TD><CENTER>X</CENTER></TD> 203<TD><CENTER>X</CENTER></TD> 204<TD><CENTER><br></CENTER></TD> 205<TD><CENTER>X</CENTER></TD> 206<TD><CENTER><br></CENTER></TD> 207<TD><CENTER><br></CENTER></TD> 208<TD><CENTER>X</CENTER></TD> 209</TR> 210<!-- 211<TR> 212<TH>SECURID</TH> 213<TD><CENTER>0</CENTER></TD> 214<TD><CENTER>X</CENTER></TD> 215<TD><CENTER><br></CENTER></TD> 216<TD><CENTER><br></CENTER></TD> 217<TD><CENTER>X</CENTER></TD> 218<TD><CENTER>X</CENTER></TD> 219<TD><CENTER><br></CENTER></TD> 220<TD><CENTER><br></CENTER></TD> 221<TD><CENTER>X</CENTER></TD> 222<TD><CENTER><br></CENTER></TD> 223<TD><CENTER><br></CENTER></TD> 224<TD><CENTER>X</CENTER></TD> 225</TR> 226 227<TR> 228<TH>SKEY</TH> 229<TD><CENTER>0</CENTER></TD> 230<TD><CENTER>X</CENTER></TD> 231<TD><CENTER><br></CENTER></TD> 232<TD><CENTER><br></CENTER></TD> 233<TD><CENTER>X</CENTER></TD> 234<TD><CENTER>X</CENTER></TD> 235<TD><CENTER><br></CENTER></TD> 236<TD><CENTER><br></CENTER></TD> 237<TD><CENTER>X</CENTER></TD> 238<TD><CENTER><br></CENTER></TD> 239<TD><CENTER><br></CENTER></TD> 240<TD><CENTER><br></CENTER></TD> 241</TR> 242--> 243<TR> 244<TH>SRP</TH> 245<TD><CENTER>128</CENTER></TD> 246<TD><CENTER>X</CENTER></TD> 247<TD><CENTER>X</CENTER></TD> 248<TD><CENTER>X</CENTER></TD> 249<TD><CENTER>X</CENTER></TD> 250<TD><CENTER>X</CENTER></TD> 251<TD><CENTER><br></CENTER></TD> 252<TD><CENTER>X</CENTER></TD> 253<TD><CENTER>X</CENTER></TD> 254<TD><CENTER><br></CENTER></TD> 255<TD><CENTER>X</CENTER></TD> 256<TD><CENTER>X</CENTER></TD> 257</TR> 258 259</TABLE> 260 261<h3>Understanding this table:</h3> 262<ul> 263<li><b>MAX SSF</b> - The maximum Security Strength Factor supported 264by the mechanism (roughly the number of bits of encryption provided, but may 265have other meanings, for example an SSF of 1 indicates integrity protection 266only, no encryption).</li> 267<li><b>NOPLAIN</b> - Mechanism is not susceptable to simple passive 268(eavesdropping) attack.</li> 269<li><b>NOACTIVE</b> - Protection from active (non-dictionary) attacks 270during authentication exchange. (Implies <b>MUTUAL</b>).</li> 271<li><b>NODICT</b> - Not susceptable to passive dictionary attack.</li> 272<li><b>FORWARD</b> - Breaking one session won't help break the next.</li> 273<li><b>NOANON</b> - Don't permit anonymous logins.</li> 274<li><b>CRED</b> - Mechanism can pass client credentials.</li> 275<li><b>MUTUAL</b> - Supports mutual authentication (authenticates the server 276to the client)</li> 277<li><b>CLTFIRST</b> - The client should send first in this mechanism.</li> 278<li><b>SRVFIRST</b> - The server must send first in this mechanism.</li> 279<li><b>SRVLAST</b> - This mechanism supports server-send-last configurations.</li> 280<li><b>PROXY</b> - This mechanism supports proxy authentication.</li> 281</ul> 282 283</BODY> 284</HTML> 285