Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
GSASL(1)			 User Commands			      GSASL(1)

       gsasl - SASL library command line interface

       gsasl [OPTIONS]... [HOST	[PORT]]...

       GNU SASL	1.8.0

       Authenticate  user to a server using Simple Authentication and Security
       Layer.  Currently IMAP and SMTP servers are supported.  This is a  com-
       mand line interface for the GNU SASL library.

       -h, --help
	      Print help and exit

       -V, --version
	      Print version and	exit

       -c, --client
	      Act as client.  (default=on)

       -s, --server
	      Act as server.  (default=off)

	      Write  name of supported client mechanisms separated by space to
	      stdout.  (default=off)

	      Write name of supported server mechanisms	separated by space  to
	      stdout.  (default=off)

   Network options:
	      Connect  to  TCP	server	and  negotiate	on  stream  instead of
	      stdin/stdout. PORT is the	protocol service, or an	integer	denot-
	      ing  the port, and defaults to 143 (imap)	if not specified. Also
	      sets the --hostname default.

   Generic options:
       -d, --application-data
	      After authentication, read data from stdin and  run  it  through
	      the  mechanism's	security  layer	and print it base64 encoded to
	      stdout. The default is to	terminate after	authentication.


       --imap Use a IMAP-like logon procedure (client only).   Also  sets  the
	      --service	default	to 'imap'.  (default=off)

       --smtp Use  a  SMTP-like	 logon procedure (client only).	 Also sets the
	      --service	default	to 'smtp'.  (default=off)

       -m, --mechanism=STRING
	      Mechanism	to use.

	      Disallow client to send data first (client only).	 (default=off)

   SASL	mechanism options (they	are prompted for when required):
       -n, --anonymous-token=STRING
	      Token for	anonymous authentication, usually mail address (ANONY-
	      MOUS only).

       -a, --authentication-id=STRING
	      Identity of credential owner.

       -z, --authorization-id=STRING Identity to request service for.

       -p, --password=STRING
	      Password for authentication (insecure for	non-testing purposes).

       -r, --realm=STRING
	      Realm. Defaults to hostname.

       -x, --maxbuf=NUMBER
	      Indicate maximum buffer size (DIGEST-MD5 only).

	      Passcode for authentication (SECURID only).

	      Set  the	requested  service name	(should	be a registered	GSSAPI
	      host based service name).

	      Set the name of the server with the requested service.

	      Set the generic server name in case of a replicated server  (DI-
	      GEST-MD5 only).

	      Validate CRAM-MD5	challenge and response


	      Disable cleartext	validate hook, forcing server

       to prompt for password.

	      How application payload will be protected.

	      'qop-auth'  means	 no protection,	'qop-int' means	integrity pro-
	      tection, 'qop-conf' means	integrity and  confidentialiy  protec-
	      tion.   Currently	 only used by DIGEST-MD5, where	the default is

   STARTTLS options:
	      Force use	of STARTTLS.  The default  is  to  use	STARTTLS  when
	      available.  (default=off)

	      Unconditionally disable STARTTLS.	 (default=off)

	      Don't use	channel	bindings from TLS.  (default=off)

	      File  containing	one or more X.509 Certificate Authorities cer-
	      tificates	in PEM format, used to verify the certificate received
	      from  the	 server.  If not specified, no verification of the re-
	      mote server certificate will be done.

	      File containing client X.509 certificate in  PEM	format.	  Used
	      together	with  --x509-key-file  to  specify the certificate/key

	      Private key for the client  X.509	 certificate  in  PEM  format.
	      Used  together  with  --x509-key-file  to	 specify  the certifi-
	      cate/key pair.

	      Cipher priority string.

   Other options:
	      Produce verbose output.  (default=off)

	      Don't produce any	diagnostic output.  (default=off)

       Written by Simon	Josefsson.

       Report bugs to:
       GNU SASL	home page: <>
       General help using GNU software:	<>

       Copyright (C) 2012 Simon	Josefsson.  License GPLv3+: GNU	GPL version  3
       or later	<>.
       This  is	 free  software:  you  are free	to change and redistribute it.
       There is	NO WARRANTY, to	the extent permitted by	law.

       The full	documentation for gsasl	is maintained as a Texinfo manual.  If
       the  info  and  gsasl programs are properly installed at	your site, the

	      info gsasl

       should give you access to the complete manual.

gsasl 1.8.0			   May 2012			      GSASL(1)


Want to link to this manual page? Use this URL:

home | help