Man Linux: Main Page and Category List


       gsasl - SASL library command line interface


       gsasl [OPTIONS]... [HOST [PORT]]...


       GNU SASL 1.4.4

       Authenticate  user to a server using Simple Authentication and Security
       Layer.  Currently IMAP and SMTP  servers  are  supported.   This  is  a
       command line interface for the GNU SASL library.

       -h, --help
              Print help and exit

       -V, --version
              Print version and exit

       -c, --client
              Act as client.  (default=on)

       -s, --server
              Act as server.  (default=off)

              Write  name of supported client mechanisms separated by space to
              stdout.  (default=off)

              Write name of supported server mechanisms separated by space  to
              stdout.  (default=off)

   Network options:
              Connect  to  TCP  server  and  negotiate  on  stream  instead of
              stdin/stdout. PORT  is  the  protocol  service,  or  an  integer
              denoting  the port, and defaults to 143 (imap) if not specified.
              Also sets the --hostname default.

   Generic options:
       -d, --application-data
              After authentication, read data from stdin and  run  it  through
              the  mechanism’s  security  layer and print it base64 encoded to
              stdout. The default is to terminate after authentication.


       --imap Use a IMAP-like logon procedure (client only).   Also  sets  the
              --service default to ’imap’.  (default=off)

       --smtp Use  a  SMTP-like  logon procedure (client only).  Also sets the
              --service default to ’smtp’.  (default=off)

       -m, --mechanism=STRING
              Mechanism to use.

              Disallow client to send data first (client only).  (default=off)

   SASL mechanism options (they are prompted for when required):
       -n, --anonymous-token=STRING
              Token   for   anonymous  authentication,  usually  mail  address
              (ANONYMOUS only).

       -a, --authentication-id=STRING
              Identity of credential owner.

       -z, --authorization-id=STRING Identity to request service for.

       -p, --password=STRING
              Password for authentication (insecure for non-testing purposes).

       -r, --realm=STRING
              Realm. Defaults to hostname.

       -x, --maxbuf=NUMBER
              Indicate maximum buffer size (DIGEST-MD5 only).

              Passcode for authentication (SECURID only).

              Set  the  requested  service name (should be a registered GSSAPI
              host based service name).

              Set the name of the server with the requested service.

              Set the generic server name  in  case  of  a  replicated  server
              (DIGEST-MD5 only).

              Validate CRAM-MD5 challenge and response


              Disable cleartext validate hook, forcing server

       to prompt for password.

              How application payload will be protected.

              ’qop-auth’   means  no  protection,  ’qop-int’  means  integrity
              protection,  ’qop-conf’  means  integrity   and   confidentialiy
              protection.   Currently  only  used  by  DIGEST-MD5,  where  the
              default is ’qop-int’.

   STARTTLS options:
              Force use of STARTTLS.  The default  is  to  use  STARTTLS  when
              available.  (default=off)

              Unconditionally disable STARTTLS.  (default=off)

              File  containing  one  or  more  X.509  Certificate  Authorities
              certificates in PEM  format,  used  to  verify  the  certificate
              received  from the server.  If not specified, no verification of
              the remote server certificate will be done.

              File containing client X.509 certificate in  PEM  format.   Used
              together  with  --x509-key-file  to  specify the certificate/key

              Private key for the client  X.509  certificate  in  PEM  format.
              Used    together    with    --x509-key-file   to   specify   the
              certificate/key pair.

              Cipher priority string.

   Other options:
              Produce verbose output.  (default=off)

              Don’t produce any diagnostic output.  (default=off)


       Written by Simon Josefsson.


       Report bugs to:
       GNU SASL home page: <>
       General help using GNU software: <>


       Copyright © 2010 Simon Josefsson.  License GPLv3+: GNU GPL version 3 or
       later <>.
       This  is  free  software:  you  are free to change and redistribute it.
       There is NO WARRANTY, to the extent permitted by law.


       The full documentation for gsasl is maintained as a Texinfo manual.  If
       the  info  and  gsasl programs are properly installed at your site, the

              info gsasl

       should give you access to the complete manual.