Technical details The document describes a “full” SASL profile, including: Both client and server can request a security handshake Support of SASL security layers (for persistent connections) Client can query the server for the list of available SASL mechanisms Possibility to optimize the SASL handshake when it is known that there is only a single applicable SASL mechanism when the SASL mechanism requires client to send data first (“initial response” message type) Can be used to authenticate to both the end-server and a proxy and vice versa. |