Fetching contributors…
Cannot retrieve contributors at this time
53 lines (39 sloc) 1.55 KB


pure-sasl is a pure python client-side SASL implementation.

At the moment, it supports the following mechanisms: ANONYMOUS, PLAIN, CRAM-MD5, DIGEST-MD5, and GSSAPI. Support for other mechanisms may be added in the future. Only GSSAPI supports a QOP higher than auth. Always use TLS!

Both Python 2 and Python 3 are supported.

Example Usage

from puresasl.client import SASLClient

sasl = SASLClient('somehost2', 'customprotocol')
conn = get_connection_to('somehost2')
available_mechs = conn.get_mechanisms()
sasl.choose_mechanism(available_mechs, allow_anonymous=False)
while True:
    status, challenge = conn.get_challenge()
    if status == 'COMPLETE':
    elif status == 'OK':
        response = sasl.process(challenge)
        raise Exception(status)

if not sasl.complete:
    raise Exception("SASL negotiation did not complete")

# begin normal communication
encoded = conn.fetch_data()
decoded = sasl.unwrap(decoded)
response = process_data(decoded)


Some of the mechanisms and utility functions are based on work done by David Alan Cridland and Lance Stout in Suelta:

pure-sasl is open source under the MIT license.