Provided by: gsasl_1.8.0-8ubuntu3_amd64 bug


       gsasl - SASL library command line interface


       gsasl [OPTIONS]... [HOST [PORT]]...


       GNU SASL 1.8.0

       Authenticate  user  to a server using Simple Authentication and Security Layer.  Currently
       IMAP and SMTP servers are supported.  This is a command line interface for  the  GNU  SASL

       -h, --help
              Print help and exit

       -V, --version
              Print version and exit

       -c, --client
              Act as client.  (default=on)

       -s, --server
              Act as server.  (default=off)

              Write   name   of  supported  client  mechanisms  separated  by  space  to  stdout.

              Write  name  of  supported  server  mechanisms  separated  by  space   to   stdout.

   Network options:
              Connect  to TCP server and negotiate on stream instead of stdin/stdout. PORT is the
              protocol service, or an integer denoting the port, and defaults to  143  (imap)  if
              not specified. Also sets the --hostname default.

   Generic options:
       -d, --application-data
              After  authentication,  read  data  from  stdin  and run it through the mechanism's
              security layer and print it base64 encoded to stdout. The default is  to  terminate
              after authentication.


       --imap Use  a IMAP-like logon procedure (client only).  Also sets the --service default to
              'imap'.  (default=off)

       --smtp Use a SMTP-like logon procedure (client only).  Also sets the --service default  to
              'smtp'.  (default=off)

       -m, --mechanism=STRING
              Mechanism to use.

              Disallow client to send data first (client only).  (default=off)

   SASL mechanism options (they are prompted for when required):
       -n, --anonymous-token=STRING
              Token for anonymous authentication, usually mail address (ANONYMOUS only).

       -a, --authentication-id=STRING
              Identity of credential owner.

       -z, --authorization-id=STRING Identity to request service for.

       -p, --password=STRING
              Password for authentication (insecure for non-testing purposes).

       -r, --realm=STRING
              Realm. Defaults to hostname.

       -x, --maxbuf=NUMBER
              Indicate maximum buffer size (DIGEST-MD5 only).

              Passcode for authentication (SECURID only).

              Set  the  requested  service name (should be a registered GSSAPI host based service

              Set the name of the server with the requested service.

              Set the generic server name in case of a replicated server (DIGEST-MD5 only).

              Validate CRAM-MD5 challenge and response


              Disable cleartext validate hook, forcing server

       to prompt for password.

              How application payload will be protected.

       'qop-auth' means no protection, 'qop-int'
              means  integrity  protection,  'qop-conf'  means   integrity   and   confidentialiy
              protection.  Currently only used by DIGEST-MD5, where the default is 'qop-int'.

   STARTTLS options:
              Force   use   of  STARTTLS.   The  default  is  to  use  STARTTLS  when  available.

              Unconditionally disable STARTTLS.  (default=off)

              Don't use channel bindings from TLS.  (default=off)

              File containing one or more  X.509  Certificate  Authorities  certificates  in  PEM
              format, used to verify the certificate received from the server.  If not specified,
              no verification of the remote server certificate will be done.

              File containing client  X.509  certificate  in  PEM  format.   Used  together  with
              --x509-key-file to specify the certificate/key pair.

              Private  key  for  the  client X.509 certificate in PEM format.  Used together with
              --x509-key-file to specify the certificate/key pair.

              Cipher priority string.

   Other options:
              Produce verbose output.  (default=off)

              Don't produce any diagnostic output.  (default=off)


       Written by Simon Josefsson.


       Report bugs to:

       Report Debian bugs to:
       GNU SASL home page: <>
       General help using GNU software: <>

       Packaged by Debian (1.8.0-8ubuntu3)
       Copyright © 2012 Simon Josefsson.
       License GPLv3+: GNU GPL version 3 or later <>.
       This is free software: you are free to change and redistribute it.
       There is NO WARRANTY, to the extent permitted by law.


       The full documentation for gsasl is maintained as a Texinfo manual.  If the info and gsasl
       programs are properly installed at your site, the command

              info gsasl

       should give you access to the complete manual.