{"id":1639,"library":"pure-sasl","title":"Pure SASL","description":"`pure-sasl` is a pure Python client-side implementation of the Simple Authentication and Security Layer (SASL) protocol. It enables Python applications to authenticate securely against servers using various SASL mechanisms like PLAIN, SCRAM-SHA-1, SCRAM-SHA-256, and GSSAPI (with an optional dependency). The current version is 0.6.2, and it maintains a moderate release cadence, with the latest update in March 2024.","status":"active","version":"0.6.2","language":"en","source_language":"en","source_url":"http://github.com/thobbs/pure-sasl","tags":["sasl","authentication","client","security"],"install":[{"cmd":"pip install pure-sasl","lang":"bash","label":"Install core library"}],"dependencies":[],"imports":[{"symbol":"SASLClient","correct":"from puresasl.client import SASLClient"}],"quickstart":{"code":"import os\nfrom puresasl.client import SASLClient\n\n# Retrieve credentials from environment variables or provide defaults\n# In a real application, these would come from configuration or user input.\nusername = os.environ.get(\"SASL_USERNAME\", \"myuser\")\npassword = os.environ.get(\"SASL_PASSWORD\", \"mypassword\")\n# SASLClient takes the server hostname as its first argument.\n# SASL_HOST and its default are placeholders for this example.\nhost = os.environ.get(\"SASL_HOST\", \"localhost\")\n\n# 1. Initialize the SASL client with the desired mechanism and credentials.\n# Common mechanisms: 'PLAIN', 'SCRAM-SHA-1', 'SCRAM-SHA-256'.\ntry:\n    client = SASLClient(\n        host,\n        mechanism='PLAIN',\n        username=username,\n        password=password\n    )\n\n    print(f\"SASLClient initialized for PLAIN mechanism with user: {username}\")\n\n    # 2. Process the initial challenge from the server.\n    # For PLAIN, the initial challenge is typically an empty bytes string.\n    # In a real network exchange, this comes from the server.\n    server_challenge_1 = b''\n    client_response_1 = client.process(server_challenge_1)\n    print(f\"Client response to initial challenge: {client_response_1!r}\")\n\n    # 3. 
If authentication requires more steps (e.g., SCRAM),\n    # the server would send another challenge, which you'd pass to .process() again.\n    # For PLAIN, the process is often complete after the first response.\n    if client.complete:\n        print(\"SASL PLAIN authentication sequence complete.\")\n    else:\n        print(\"Authentication not yet complete. Awaiting further server challenges.\")\n\nexcept Exception as e:\n    print(f\"Error during SASL client operation: {e}\")","lang":"python","description":"This example demonstrates how to initialize a `SASLClient` for the PLAIN mechanism and process an initial (potentially empty) server challenge. For multi-step mechanisms like SCRAM, you would repeat the `client.process()` call for subsequent server challenges and client responses until `client.complete` is true."},"warnings":[{"fix":"Understand the library's scope and choose appropriate tools for server-side SASL needs.","message":"Pure-SASL is a client-side library. It provides client implementations for various SASL mechanisms but does not offer server-side SASL functionality. Users needing server-side SASL should look for alternative libraries.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Install `gssapi` explicitly if you intend to use the GSSAPI mechanism.","message":"The GSSAPI (Kerberos) SASL mechanism requires the separate `gssapi` Python library to be installed (e.g., `pip install gssapi`). `pure-sasl` itself does not bundle GSSAPI support and will raise an error if GSSAPI is used without the dependency.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Familiarize yourself with the SASL protocol flow for your chosen mechanism to correctly integrate the library with your network communication layer.","message":"While `pure-sasl` handles the internal logic of SASL mechanisms, correct usage requires a clear understanding of the SASL challenge-response protocol. 
Developers must manage the network communication (sending client responses, receiving server challenges) correctly.","severity":"gotcha","affected_versions":"All versions"}],"env_vars":null,"last_verified":"2026-04-09T00:00:00.000Z","next_check":"2026-07-08T00:00:00.000Z"}