54 files changed, 7405 insertions, 0 deletions

diff --git a/usr/src/man/man3sasl/Makefile b/usr/src/man/man3sasl/Makefile
new file mode 100644
index 0000000000..da0a71fd86
--- /dev/null
+++ b/usr/src/man/man3sasl/Makefile
@@ -0,0 +1,105 @@
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet
+# at http://www.illumos.org/license/CDDL.
+#
+
+# Copyright 2011, Richard Lowe
+
+include ../../Makefile.master
+
+MANSECT = 	3sasl
+
+MANFILES =	sasl_authorize_t.3sasl			\
+	 	sasl_auxprop.3sasl			\
+	 	sasl_auxprop_add_plugin.3sasl		\
+	 	sasl_auxprop_getctx.3sasl		\
+	 	sasl_auxprop_request.3sasl		\
+	 	sasl_canon_user_t.3sasl			\
+	 	sasl_canonuser_add_plugin.3sasl		\
+	 	sasl_chalprompt_t.3sasl			\
+	 	sasl_checkapop.3sasl			\
+	 	sasl_checkpass.3sasl			\
+	 	sasl_client_add_plugin.3sasl		\
+	 	sasl_client_init.3sasl			\
+	 	sasl_client_new.3sasl			\
+	 	sasl_client_plug_init_t.3sasl		\
+	 	sasl_client_start.3sasl			\
+	 	sasl_client_step.3sasl			\
+	 	sasl_decode.3sasl			\
+	 	sasl_decode64.3sasl			\
+	 	sasl_dispose.3sasl			\
+	 	sasl_done.3sasl				\
+	 	sasl_encode.3sasl			\
+	 	sasl_encode64.3sasl			\
+	 	sasl_erasebuffer.3sasl			\
+	 	sasl_errdetail.3sasl			\
+	 	sasl_errors.3sasl			\
+	 	sasl_errstring.3sasl			\
+	 	sasl_getcallback_t.3sasl		\
+	 	sasl_getopt_t.3sasl			\
+	 	sasl_getpath_t.3sasl			\
+	 	sasl_getprop.3sasl			\
+	 	sasl_getrealm_t.3sasl			\
+	 	sasl_getsecret_t.3sasl			\
+	 	sasl_getsimple_t.3sasl			\
+	 	sasl_global_listmech.3sasl		\
+	 	sasl_idle.3sasl				\
+	 	sasl_listmech.3sasl			\
+	 	sasl_log_t.3sasl			\
+	 	sasl_server_add_plugin.3sasl		\
+	 	sasl_server_init.3sasl			\
+	 	sasl_server_new.3sasl			\
+	 	sasl_server_plug_init_t.3sasl		\
+	 	sasl_server_start.3sasl			\
+	 	sasl_server_step.3sasl			\
+	 	sasl_server_userdb_checkpass_t.3sasl	\
+	 	sasl_server_userdb_setpass_t.3sasl	\
+	 	sasl_set_alloc.3sasl			\
+	 	sasl_set_mutex.3sasl			\
+	 	sasl_seterror.3sasl			\
+	 	sasl_setpass.3sasl			\
+	 	sasl_setprop.3sasl			\
+	 	sasl_utf8verify.3sasl			\
+	 	sasl_verifyfile_t.3sasl			\
+	 	sasl_version.3sasl
+
+MANSOFILES =	prop_clear.3sasl	\
+		prop_dispose.3sasl	\
+		prop_dup.3sasl		\
+		prop_erase.3sasl	\
+		prop_format.3sasl	\
+		prop_get.3sasl		\
+		prop_getnames.3sasl	\
+		prop_new.3sasl		\
+		prop_request.3sasl	\
+		prop_set.3sasl		\
+		prop_setvals.3sasl	\
+		sasl_encodev.3sasl
+
+MANFILES +=	$(MANSOFILES)
+
+prop_clear.3sasl	:= SOSRC = man3sasl/sasl_auxprop.3sasl
+prop_dispose.3sasl	:= SOSRC = man3sasl/sasl_auxprop.3sasl
+prop_dup.3sasl		:= SOSRC = man3sasl/sasl_auxprop.3sasl
+prop_erase.3sasl	:= SOSRC = man3sasl/sasl_auxprop.3sasl
+prop_format.3sasl	:= SOSRC = man3sasl/sasl_auxprop.3sasl
+prop_get.3sasl		:= SOSRC = man3sasl/sasl_auxprop.3sasl
+prop_getnames.3sasl	:= SOSRC = man3sasl/sasl_auxprop.3sasl
+prop_new.3sasl		:= SOSRC = man3sasl/sasl_auxprop.3sasl
+prop_request.3sasl	:= SOSRC = man3sasl/sasl_auxprop.3sasl
+prop_set.3sasl		:= SOSRC = man3sasl/sasl_auxprop.3sasl
+prop_setvals.3sasl	:= SOSRC = man3sasl/sasl_auxprop.3sasl
+
+sasl_encodev.3sasl	:= SOSRC = man3sasl/sasl_encode.3sasl
+
+.KEEP_STATE:
+
+include ../Makefile.man
+
+install: $(ROOTMANFILES)
diff --git a/usr/src/man/man3sasl/sasl_authorize_t.3sasl b/usr/src/man/man3sasl/sasl_authorize_t.3sasl
new file mode 100644
index 0000000000..c4225f1ecb
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_authorize_t.3sasl
@@ -0,0 +1,167 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems, Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_authorize_t 3SASL "27 Oct 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_authorize_t \- the SASL authorization callback
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/sasl.h>
+
+\fBint\fR \fBsasl_authorize_t\fR(\fBsasl_conn_t *\fR\fIconn\fR, \fBconst char *\fR\fIrequested_user\fR,
+     \fBunsigned\fR \fIalen\fR, \fBconst char*\fR \fIauth_identity\fR, \fBunsigned\fR \fIrlen\fR,
+     \fBconst char *\fR\fIdef_realm\fR, \fBunsigned\fR \fIurlen\fR, \fBstruct propctx *\fR\fIpropctx\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+\fBsasl_authorize_t()\fR is a typedef function prototype that defines the
+interface associated with the \fBSASL_CB_PROXY_POLICY\fR callback.
+.sp
+.LP
+Use the \fBsasl_authorize_t()\fR interface to check whether the authorized user
+\fIauth_identity\fR can act as the user \fIrequested_user\fR. For example, the
+user \fBroot\fR may want to authenticate with \fBroot\fR's credentials but as
+the user \fBtmartin\fR, with all of \fBtmartin\fR's rights, not \fBroot\fR's. A
+server application should be very careful when it determines which users may
+proxy as other users.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIconn\fR\fR
+.ad
+.RS 18n
+.rt  
+The SASL connection context.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIrequested_user\fR\fR
+.ad
+.RS 18n
+.rt  
+The identity or username to authorize. \fIrequested_user\fR is null-terminated.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIrlen\fR\fR
+.ad
+.RS 18n
+.rt  
+The length of \fIrequested_user\fR.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIauth_identity\fR\fR
+.ad
+.RS 18n
+.rt  
+The identity associated with the secret. \fIauth_identity\fR is
+null-terminated.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIalen\fR\fR
+.ad
+.RS 18n
+.rt  
+The length of \fIauth_identity\fR.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIdefault_realm\fR\fR
+.ad
+.RS 18n
+.rt  
+The default user realm as passed to \fBsasl_server_new\fR(3SASL).
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIulren\fR\fR
+.ad
+.RS 18n
+.rt  
+The length of the default realm
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIpropctx\fR\fR
+.ad
+.RS 18n
+.rt  
+Auxiliary properties
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+Like other SASL callback functions, \fBsasl_authorize_t()\fR returns an integer
+that corresponds to a SASL error code. See <\fBsasl.h\fR> for a complete list
+of SASL error codes.
+.SH ERRORS
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_OK\fR\fR
+.ad
+.RS 11n
+.rt  
+The call to \fBsasl_authorize_t()\fR was successful.
+.RE
+
+.sp
+.LP
+See \fBsasl_errors\fR(3SASL) for information on SASL error codes.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBsasl_errors\fR(3SASL), \fBsasl_server_new\fR(3SASL), \fBattributes\fR(5)
diff --git a/usr/src/man/man3sasl/sasl_auxprop.3sasl b/usr/src/man/man3sasl/sasl_auxprop.3sasl
new file mode 100644
index 0000000000..a965550e10
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_auxprop.3sasl
@@ -0,0 +1,363 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_auxprop 3SASL "14 Oct 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_auxprop, prop_new, prop_dup, prop_request, prop_get, prop_getnames,
+prop_clear, prop_erase, prop_dispose, prop_format, prop_set, prop_setvals \-
+SASL auxilliary properties
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/prop.h>
+
+\fBstruct propctx *\fR\fBprop_new\fR(\fBunsigned\fR \fIestimate\fR);
+.fi
+
+.LP
+.nf
+\fBint\fR \fBprop_dup\fR(\fBstruct propctx *\fR\fIsrc_ctx\fR, \fBstruct propctx *\fR\fIdst_ctx\fR
+.fi
+
+.LP
+.nf
+\fBint\fR \fBprop_request\fR(\fBstruct propctx *\fR\fIctx\fR, \fBconst char **\fR\fInames\fR
+.fi
+
+.LP
+.nf
+\fBconst struct propval *\fR\fBprop_get\fR(\fBstruct propctx *\fR\fIctx\fR
+.fi
+
+.LP
+.nf
+\fBint\fR \fBprop_getnames\fR(\fBstruct propctx *\fR\fIctx\fR, \fBconst char **\fR\fInames\fR,
+     \fBstruct propval *\fR\fIvals\fR
+.fi
+
+.LP
+.nf
+\fBvoid\fR \fBprop_clear\fR(\fBstruct propctx *\fR\fIctx\fR, \fBint\fR \fIrequests\fR
+.fi
+
+.LP
+.nf
+\fBvoid\fR \fBprop_erase\fR(\fBstruct propctx *\fR\fIctx\fR, \fBconst char *\fR\fIname\fR
+.fi
+
+.LP
+.nf
+\fBvoid\fR \fBprop_dispose\fR(\fBstruct propctx *\fR\fIctx\fR
+.fi
+
+.LP
+.nf
+\fBint\fR \fBprop_format\fR(\fBstruct propctx *\fR\fIctx\fR, \fBconst char *\fR\fIsep\fR, \fBint\fR \fIseplen\fR,
+     \fBchar *\fR\fIoutbuf\fR, \fBunsigned\fR \fIoutmax\fR, \fBunsigned *\fR\fIoutlen\fR
+.fi
+
+.LP
+.nf
+\fBint\fR \fBprop_set\fR(\fBstruct propctx *\fR\fIctx\fR, \fBconst char *\fR\fIname\fR, \fBconst char *\fR\fIvalue\fR,
+     \fBint\fR \fIvallen\fR
+.fi
+
+.LP
+.nf
+\fBint\fR \fBprop_setvals\fR(\fBstruct propctx *\fR\fIctx\fR, \fBconst char *\fR\fIname\fR,
+     \fBconst char **\fR\fIvalues\fR
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+The SASL auxilliary properties are used to obtain properties from external
+sources during the authentication process. For example, a mechanizm might need
+to query an LDAP server to obtain the authentication secret. The application
+probably needs other information from the LDAP server as well, such as the home
+directory of the UID. The auxilliary property interface allows the two to
+cooperate and results in only a single query against the property sources.
+.sp
+.LP
+Property lookups take place directly after user canonicalization occurs.
+Therefore, all request should be registered with the context before user
+canonicalization occurs. Requests can calso be registered by using the
+\fBsasl_auxprop_request\fR(3SASL) function. Most of the auxilliary property
+functions require a property context that can be obtained by calling
+\fBsasl_auxprop_getctx\fR(3SASL).
+.SS "\fBprop_new()\fR"
+.sp
+.LP
+The \fBprop_new()\fR function creates a new property context. It is unlikely
+that application developers will use this call.
+.SS "\fBprop_dup()\fR"
+.sp
+.LP
+The \fBprop_dup()\fR function duplicates a given property context.
+.SS "\fBprop_request()\fR"
+.sp
+.LP
+The \fBprop_request()\fR function adds properties to the request list of a
+given context.
+.SS "\fBprop_get()\fR"
+.sp
+.LP
+The \fBprop_get()\fR function returns a null-terminated array of \fBstruct\fR
+\fBpropval\fR from the given context.
+.SS "\fBprop_getnames()\fR"
+.sp
+.LP
+The \fBprop_getnames()\fR function fills in an array of \fBstruct\fR
+\fBpropval\fR based on a list of property names. The \fBvals\fR array is at
+least as long as the \fBnames\fR array. The values that are filled in by this
+call persist until the next call on the context to \fBprop_request()\fR,
+\fBprop_clear()\fR, or \fBprop_dispose()\fR. If a name specified was never
+requested, then its associated values entry will be set to \fINULL\fR.
+.sp
+.LP
+The \fBprop_getnames()\fR function returns the number of matching properties
+that were found or a SASL error code.
+.SS "\fBprop_clear()\fR"
+.sp
+.LP
+The \fBprop_clear()\fR function clears \fIvalues\fR and \fIrequests\fR from a
+property context. If the value of \fIrequests\fR is \fB1\fR, then
+\fIrequests\fR is cleared. Otherwise, the value of \fIrequests\fR is \fB0\fR.
+.SS "\fBprop_erase()\fR"
+.sp
+.LP
+The \fBprop_erase()\fR function securely erases the value of a property.
+\fIname\fR is the name of the property to erase.
+.SS "\fBprop_dispose()\fR"
+.sp
+.LP
+The \fBprop_dispose()\fR function disposes of a property context and nullifies
+the pointer.
+.SS "\fBprop_format()\fR"
+.sp
+.LP
+The \fBprop_format()\fR function formats the requested property names into a
+string. The \fBprop_format()\fR function is not intended to be used by the
+application. The function is used only by \fBauxprop\fR plug-ins.
+.SS "\fBprop_set()\fR"
+.sp
+.LP
+The \fBprop_set()\fR functions adds a property value to the context. The
+\fBprop_set()\fR function is used only by \fBauxprop\fR plug-ins.
+.SS "\fBprop_setvals()\fR"
+.sp
+.LP
+The \fBprop_setvals()\fR function adds multiple values to a single property.
+The \fBprop_setvals()\fR function is used only by \fBauxprop\fR plug-ins.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIconn\fR\fR
+.ad
+.RS 12n
+.rt  
+The \fBsasl_conn_t\fR for which the request is being made
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIctx\fR\fR
+.ad
+.RS 12n
+.rt  
+The property context.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIestimate\fR\fR
+.ad
+.RS 12n
+.rt  
+The estimate of the total storage needed for requests and responses. The
+library default is implied by a value of \fB0\fR.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fInames\fR\fR
+.ad
+.RS 12n
+.rt  
+The null-terminated array of property names. \fInames\fR must persist until the
+requests are cleared or the context is disposed of with a call to
+\fBprop_dispose()\fR.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIname\fR\fR
+.ad
+.RS 12n
+.rt  
+The name of the property.
+.sp
+For \fBprop_set()\fR, \fIname\fR is the named of the property to receive the
+new value, or \fINULL\fR. The value will be added to the same property as the
+last call to either \fBprop_set()\fR or \fBprop_setvals()\fR.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIoutbuf\fR\fR
+.ad
+.RS 12n
+.rt  
+The caller-allocated buffer of length \fIoutmax\fR that the resulting string,
+including the \fINULL\fR terminator, will be placed in.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIoutlen\fR\fR
+.ad
+.RS 12n
+.rt  
+If non-\fINULL\fR, contains the length of the resulting sting, excluding the
+\fINULL\fR terminator.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIoutmax\fR\fR
+.ad
+.RS 12n
+.rt  
+The maximum length of the output buffer, including the \fINULL\fR terminator.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIrequests\fR\fR
+.ad
+.RS 12n
+.rt  
+The request list for a given context.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIsep\fR\fR
+.ad
+.RS 12n
+.rt  
+The separator to use for the string.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIseplen\fR\fR
+.ad
+.RS 12n
+.rt  
+The length of the separator. The the values is less than 0, then \fBstrlen\fR
+will be used as \fIsep\fR.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIvallen\fR\fR
+.ad
+.RS 12n
+.rt  
+The length of the property.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIvals\fR\fR
+.ad
+.RS 12n
+.rt  
+The value string.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIvalue\fR\fR
+.ad
+.RS 12n
+.rt  
+A value for the property of length \fIvallen\fR.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIvalues\fR\fR
+.ad
+.RS 12n
+.rt  
+A null-terminated array of values to be added to the property.
+.RE
+
+.SH ERRORS
+.sp
+.LP
+The \fBsasl_auxprop()\fR functions that return an \fBint\fR will return a SASL
+error code. See \fBsasl_errors\fR(3SASL). Those \fBsasl_auxprop()\fR functions
+that return a pointer will return a valid pointer upon success and return
+\fINULL\fR upon failure.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBsasl_auxprop_getctx\fR(3SASL), \fBsasl_auxprop_request\fR(3SASL),
+\fBsasl_errors\fR(3SASL), \fBattributes\fR(5)
diff --git a/usr/src/man/man3sasl/sasl_auxprop_add_plugin.3sasl b/usr/src/man/man3sasl/sasl_auxprop_add_plugin.3sasl
new file mode 100644
index 0000000000..4076854169
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_auxprop_add_plugin.3sasl
@@ -0,0 +1,114 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_auxprop_add_plugin 3SASL "16 Sep 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_auxprop_add_plugin \- add a SASL auxiliary property plug-in
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/saslplug.h>
+
+\fBint\fR \fBsasl_auxprop_add_plugin\fR(\fBconst char *\fR\fIplugname\fR,
+     \fBsasl_auxprop_plug_init_t *\fR\fIcplugfunc\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+Use the \fBsasl_auxprop_add_plugin()\fR interface to add a auxiliary property
+plug-in to the current list of auxiliary property plug-ins in the SASL library.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIplugname\fR\fR
+.ad
+.RS 13n
+.rt  
+The name of the auxiliary property plug-in.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIcplugfunc\fR\fR
+.ad
+.RS 13n
+.rt  
+The value of \fIcplugfunc\fR is filled in by the \fBsasl_auxprop_plug_init_t\fR
+structure.
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+\fBsasl_auxprop_add_plugin()\fR returns an integer that corresponds to a SASL
+error code.
+.SH ERRORS
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_OK\fR\fR
+.ad
+.RS 16n
+.rt  
+The call to \fBsasl_client_add_plugin()\fR was successful.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_BADVERS\fR\fR
+.ad
+.RS 16n
+.rt  
+Version mismatch with plug-in.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_NOMEM\fR\fR
+.ad
+.RS 16n
+.rt  
+Memory shortage failure.
+.RE
+
+.sp
+.LP
+See \fBsasl_errors\fR(3SASL) for information on other SASL error codes.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBsasl_errors\fR(3SASL), \fBattributes\fR(5)
diff --git a/usr/src/man/man3sasl/sasl_auxprop_getctx.3sasl b/usr/src/man/man3sasl/sasl_auxprop_getctx.3sasl
new file mode 100644
index 0000000000..5551d147a4
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_auxprop_getctx.3sasl
@@ -0,0 +1,65 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_auxprop_getctx 3SASL "22 Aug 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_auxprop_getctx \- acquire an auxiliary property context
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/sasl.h>
+
+\fBstruct propctx *\fR\fBsasl_auxprop_getctx\fR(\fBsasl_conn_t *\fR\fIconn\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+The \fBsasl_auxprop_getctx()\fR interface returns an auxiliary property context
+for the given \fBsasl_conn_t\fR on which the sasl auxiliary property functions
+can operate. See \fBsasl_auxprop\fR(3SASL).
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIconn\fR\fR
+.ad
+.RS 8n
+.rt  
+The \fBsasl_conn_t\fR for which the request is being made
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+\fBsasl_auxprop_getctx()\fR returns a pointer to the context, upon success.
+\fBsasl_auxprop_getctx()\fR returns \fINULL\fR upon failure.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelSafe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBattributes\fR(5)
diff --git a/usr/src/man/man3sasl/sasl_auxprop_request.3sasl b/usr/src/man/man3sasl/sasl_auxprop_request.3sasl
new file mode 100644
index 0000000000..86d6869d4b
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_auxprop_request.3sasl
@@ -0,0 +1,82 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_auxprop_request 3SASL "22 Aug 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_auxprop_request \- request auxialliary properties from SASL
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/sasl.h>
+
+\fBint\fR \fBsasl_auxprop_request\fR(\fBsasl_conn_t *\fR\fIconn\fR, \fBconst char **\fR\fIpropnames\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+The \fBsasl_auxprop_request()\fR interface requests that the SASL library
+obtain properties form any auxialiary property plugins that might be installed,
+for example, the user's home directory from an LDAP server. The lookup occurs
+just after username canonicalization is complete. Therefore, the request should
+be made before the call to \fBsasl_server_start\fR(3SASL), but after the call
+to \fBsasl_server_new\fR(3SASL).
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIconn\fR\fR
+.ad
+.RS 13n
+.rt  
+The \fBsasl_conn_t\fR for which the request is being made
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIpropnames\fR\fR
+.ad
+.RS 13n
+.rt  
+A null-terminated array of property names to request. This array must persist
+until a call to \fBsasl_dispose\fR(3SASL) on the \fBsasl_conn_t\fR.
+.RE
+
+.SH ERRORS
+.sp
+.LP
+\fBsasl_auxprop_request()\fR returns \fBSASL_OK\fR upon success. See
+\fBsasl_errors\fR(3SASL) for a discussion of other SASL error codes.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelSafe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBsasl_dispose\fR(3SASL), \fBsasl_errors\fR(3SASL),
+\fBsasl_server_new\fR(3SASL), \fBsasl_server_start\fR(3SASL),
+\fBattributes\fR(5)
diff --git a/usr/src/man/man3sasl/sasl_canon_user_t.3sasl b/usr/src/man/man3sasl/sasl_canon_user_t.3sasl
new file mode 100644
index 0000000000..7be7e04e7e
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_canon_user_t.3sasl
@@ -0,0 +1,194 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_canon_user_t 3SASL "27 Oct 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_canon_user_t \- the canon user callback
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/sasl.h>
+
+\fBint\fR \fBsasl_canon_user_t\fR(\fBsasl_conn_t *\fR\fIconn\fR, \fBvoid *\fR\fIcontext\fR, \fBconst char *\fR\fIuser\fR,
+     \fBunsigned\fR \fIulen\fR, \fBunsigned\fR \fIflags\fR, \fBconst char *\fR\fIuser_realm\fR, \fBchar *\fR\fIout_user\fR,
+     \fBunsigned *\fR\fIout_umax\fR, \fBunsigned *\fR\fIout_ulen\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+The \fBsasl_canon_user_t()\fR interface is the callback function for an
+application-supplied user canonical function. This function is subject to the
+requirements of all canonical functions. It must copy the result into the
+output buffers, but the output buffers and the input buffers can be the same.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIconn\fR\fR
+.ad
+.RS 14n
+.rt  
+The SASL connection context.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIcontext\fR\fR
+.ad
+.RS 14n
+.rt  
+The context from the callback record.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIuser\fR\fR
+.ad
+.RS 14n
+.rt  
+User name. The form of \fIuser\fR is not canonical.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIulen\fR\fR
+.ad
+.RS 14n
+.rt  
+Length of \fIuser\fR. The form of \fIulen\fR is not canonical.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIflags\fR\fR
+.ad
+.RS 14n
+.rt  
+One of the following values, or a bitwise OR of both:
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_CU_AUTHID\fR\fR
+.ad
+.RS 19n
+.rt  
+Indicates the authentication ID is canonical
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_CU_AUTHZID\fR\fR
+.ad
+.RS 19n
+.rt  
+Indicates the authorization ID is canonical
+.RE
+
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIuser_realm\fR\fR
+.ad
+.RS 14n
+.rt  
+Realm of authentication.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIout_user\fR\fR
+.ad
+.RS 14n
+.rt  
+The output buffer for the user name.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIout_max\fR\fR
+.ad
+.RS 14n
+.rt  
+The maximum length for the user name.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIout_len\fR\fR
+.ad
+.RS 14n
+.rt  
+The actual length for the user name.
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+Like  other SASL callback functions, \fBsasl_canon_user_t()\fR returns an
+integer that corresponds to a SASL error code. See <\fBsasl.h\fR> for a
+complete list of SASL error codes.
+.SH ERRORS
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_OK\fR\fR
+.ad
+.RS 11n
+.rt  
+The call to \fBsasl_canon_user_t()\fR was successful.
+.RE
+
+.sp
+.LP
+See \fBsasl_errors\fR(3SASL) for information on SASL error codes.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBsasl_errors\fR(3SASL), \fBsasl_server_new\fR(3SASL), \fBattributes\fR(5)
diff --git a/usr/src/man/man3sasl/sasl_canonuser_add_plugin.3sasl b/usr/src/man/man3sasl/sasl_canonuser_add_plugin.3sasl
new file mode 100644
index 0000000000..a890cd1cee
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_canonuser_add_plugin.3sasl
@@ -0,0 +1,115 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_canonuser_add_plugin 3SASL "16 Sep 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_canonuser_add_plugin \- add a SASL user canonicalization plug-in
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/saslplug.h>
+
+\fBint\fR \fBsasl_canonuser_add_plugin\fR(\fBconst char *\fR\fIplugname\fR,
+     \fBsasl_canonuser_plug_init_t *\fR\fIcplugfunc\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+Use the \fBsasl_canonuser_add_plugin()\fR interface to add a user
+canonicalization plug-in to the current list of user canonicalization plug-ins
+in the SASL library.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIplugname\fR\fR
+.ad
+.RS 13n
+.rt  
+The name of the user canonicalization plug-in.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIcplugfunc\fR\fR
+.ad
+.RS 13n
+.rt  
+The value of \fIcplugfunc\fR is filled in by the
+\fBsasl_canonuser_plug_init_t\fR structure.
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+\fBsasl_server_add_plugin()\fR returns an integer that corresponds to a SASL
+error code.
+.SH ERRORS
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_OK\fR\fR
+.ad
+.RS 16n
+.rt  
+The call to \fBsasl_client_add_plugin()\fR was successful.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_BADVERS\fR\fR
+.ad
+.RS 16n
+.rt  
+Version mismatch with plug-in.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_NOMEM\fR\fR
+.ad
+.RS 16n
+.rt  
+Memory shortage failure.
+.RE
+
+.sp
+.LP
+See \fBsasl_errors\fR(3SASL) for information on other SASL error codes.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBsasl_errors\fR(3SASL), \fBattributes\fR(5)
diff --git a/usr/src/man/man3sasl/sasl_chalprompt_t.3sasl b/usr/src/man/man3sasl/sasl_chalprompt_t.3sasl
new file mode 100644
index 0000000000..0dbe74a724
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_chalprompt_t.3sasl
@@ -0,0 +1,149 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_chalprompt_t 3SASL "14 Oct 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_chalprompt_t \- prompt for input in response to a challenge
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/sasl.h>
+
+\fBint\fR \fBsasl_chalprompt_t\fR(\fBvoid *\fR\fIcontext\fR, \fBint\fR \fIid\fR, \fBconst char *\fR\fIchallenge\fR,
+     \fBconst char *\fR\fIprompt\fR, \fBconst char *\fR\fIdefresult\fR, \fBconst char **\fR\fIresult\fR,
+     \fBunsigned *\fR\fIlen\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+Use the \fBsasl_chalprompt_t()\fR callback interface to prompt for input in
+response to a server challenge.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIcontext\fR\fR
+.ad
+.RS 13n
+.rt  
+The context from the callback record.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIid\fR\fR
+.ad
+.RS 13n
+.rt  
+The callback id. \fIid\fR can have a value of \fBSASL_CB_ECHOPROMPT\fR or
+\fBSASL_CB_NOECHOPROMPT\fR
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIchallenge\fR\fR
+.ad
+.RS 13n
+.rt  
+The server's challenge.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIprompt\fR\fR
+.ad
+.RS 13n
+.rt  
+A prompt for the user.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIdefresult\fR\fR
+.ad
+.RS 13n
+.rt  
+The default result. The value of \fIdefresult\fR can be \fINULL\fR
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIresult\fR\fR
+.ad
+.RS 13n
+.rt  
+The user's response. \fIresult\fR is a null-terminated string.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIlen\fR\fR
+.ad
+.RS 13n
+.rt  
+The length of the user's response.
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+Like other SASL callback functions, \fBsasl_chalprompt_t()\fR returns an
+integer that corresponds to a SASL error code. See <\fBsasl.h\fR> for a
+complete list of SASL error codes.
+.SH ERRORS
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_OK\fR\fR
+.ad
+.RS 11n
+.rt  
+The call to \fBsasl_chalprompt_t()\fR was successful.
+.RE
+
+.sp
+.LP
+See \fBsasl_errors\fR(3SASL) for information on SASL error codes.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBsasl_errors\fR(3SASL), \fBsasl_server_new\fR(3SASL), \fBattributes\fR(5)
diff --git a/usr/src/man/man3sasl/sasl_checkapop.3sasl b/usr/src/man/man3sasl/sasl_checkapop.3sasl
new file mode 100644
index 0000000000..778589bfd7
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_checkapop.3sasl
@@ -0,0 +1,137 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_checkapop 3SASL "14 Oct 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_checkapop \- check an APOP challenge or response
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/sasl.h>
+
+\fBint\fR \fBsasl_checkapop\fR(\fBsasl_conn_t *\fR\fIconn\fR, \fBconst char *\fR\fIchallenge\fR,
+     \fBunsigned\fR \fIchallen\fR, \fBconst char *\fR\fIresponse\fR, \fBunsigned\fR \fIresplen\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+The \fBsasl_checkapop()\fR interface checks an APOP challenge or response. APOP
+is an option POP3 authentication command that uses a shared secret password.
+See \fIRFC 1939\fR.
+.sp
+.LP
+If \fBsasl_checkapop()\fR is called with a \fINULL\fR challenge,
+\fBsasl_checkapop()\fR will check to see if the APOP mechanism is enabled.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIconn\fR\fR
+.ad
+.RS 13n
+.rt  
+The \fBsasl_conn_t\fR for which the request is being made
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIchallenge\fR\fR
+.ad
+.RS 13n
+.rt  
+The challenge sent to the client
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIchallen\fR\fR
+.ad
+.RS 13n
+.rt  
+The length of \fIchallenge\fR
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIresponse\fR\fR
+.ad
+.RS 13n
+.rt  
+The client response
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIresplens\fR\fR
+.ad
+.RS 13n
+.rt  
+The length of \fIresponse\fR
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+\fBsasl_checkapop()\fR returns an integer that corresponds to a SASL error
+code.
+.SH ERRORS
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_OK\fR\fR
+.ad
+.RS 11n
+.rt  
+Indicates that the authentication is complete
+.RE
+
+.sp
+.LP
+All other error codes indicate an error situation that must be handled, or the
+authentication session should be quit. See \fBsasl_errors\fR(3SASL) for
+information on SASL error codes.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilitySUNWlibsasl
+_
+Interface StabilityObsolete
+_
+MT-LevelSafe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBsasl_errors\fR(3SASL), \fBattributes\fR(5)
+.sp
+.LP
+Meyers, J. and Rose, M. \fIRFC 1939, Post Office Protocol - Version 3\fR.
+Network Working Group. May 1996.
diff --git a/usr/src/man/man3sasl/sasl_checkpass.3sasl b/usr/src/man/man3sasl/sasl_checkpass.3sasl
new file mode 100644
index 0000000000..642a853877
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_checkpass.3sasl
@@ -0,0 +1,149 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_checkpass 3SASL "14 Oct 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_checkpass \- check a plaintext password
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/sasl.h>
+
+\fBint\fR \fBsasl_checkpass\fR(\fBsasl_conn_t *\fR\fIconn\fR, \fBconst char *\fR\fIuser\fR, \fBunsigned\fR \fIuserlen\fR,
+     \fBconst char *\fR\fIpass\fR, \fBunsigned\fR \fIpasslen\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+The \fBsasl_checkpass()\fR interface checks a plaintext password. The
+\fBsasl_checkpass()\fR interface is used for protocols that had a login method
+before SASL, for example, the \fBLOGIN\fR command in IMAP. The password is
+checked with the \fBpwcheck_method\fR.
+.sp
+.LP
+The \fBsasl_checkpass()\fR interface is a server interface. You cannot use it
+to check passwords from a client.
+.sp
+.LP
+The \fBsasl_checkpass()\fR interface checks the posible repositories until it
+succeeds or there are no more repositories. If
+\fBsasl_server_userdb_checkpass_t\fR is registered, \fBsasl_checkpass()\fR
+tries it first.
+.sp
+.LP
+Use the \fBpwcheck_method\fR SASL option to specify which \fBpwcheck\fR methods
+to use.
+.sp
+.LP
+The \fBsasl_checkpass()\fR interface supports the transition of passwords if
+the SASL option \fBauto_transition\fR is on.
+.sp
+.LP
+If \fIuser\fR is \fINULL\fR, check is plaintext passwords are enabled.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIconn\fR\fR
+.ad
+.RS 11n
+.rt  
+The \fBsasl_conn_t\fR for which the request is being made
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIpass\fR\fR
+.ad
+.RS 11n
+.rt  
+Plaintext password to check
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIpasslen\fR\fR
+.ad
+.RS 11n
+.rt  
+The length of \fIpass\fR
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIuser\fR\fR
+.ad
+.RS 11n
+.rt  
+User to query in current \fBuser_domain\fR
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIuserlen\fR\fR
+.ad
+.RS 11n
+.rt  
+The length of username.
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+\fBsasl_checkpass()\fR returns an integer that corresponds to a SASL error
+code.
+.SH ERRORS
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_OK\fR\fR
+.ad
+.RS 11n
+.rt  
+Indicates that the authentication is complete
+.RE
+
+.sp
+.LP
+All other error codes indicate an error situation that must be handled, or the
+authentication session should be quit. See \fBsasl_errors\fR(3SASL) for
+information on SASL error codes.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelSafe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBsasl_errors\fR(3SASL), \fBattributes\fR(5)
diff --git a/usr/src/man/man3sasl/sasl_client_add_plugin.3sasl b/usr/src/man/man3sasl/sasl_client_add_plugin.3sasl
new file mode 100644
index 0000000000..fbfb67051f
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_client_add_plugin.3sasl
@@ -0,0 +1,114 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_client_add_plugin 3SASL "12 Sep 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_client_add_plugin \- add a SASL client plug-in
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/saslplug.h>
+
+\fBint\fR \fBsasl_client_add_plugin\fR(\fBconst char *\fR\fIplugname\fR,
+     \fBsasl_client_plug_init_t *\fR\fIcplugfunc\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+Use the \fBsasl_client_add_plugin()\fR interface to add a client plug-in to the
+current list of client plug-ins in the SASL library.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIplugname\fR\fR
+.ad
+.RS 13n
+.rt  
+The name of the client plug-in.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIcplugfunc\fR\fR
+.ad
+.RS 13n
+.rt  
+The value of \fIcplugfunc\fR is filled in by the \fBsasl_client_plug_init_t\fR
+structure.
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+\fBsasl_client_add_plugin()\fR returns an integer that corresponds to a SASL
+error code.
+.SH ERRORS
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_OK\fR\fR
+.ad
+.RS 16n
+.rt  
+The call to \fBsasl_client_add_plugin()\fR was successful.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_BADVERS\fR\fR
+.ad
+.RS 16n
+.rt  
+Version mismatch with plug-in.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_NOMEM\fR\fR
+.ad
+.RS 16n
+.rt  
+Memory shortage failure.
+.RE
+
+.sp
+.LP
+See \fBsasl_errors\fR(3SASL) for information on other SASL error codes.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBsasl_errors\fR(3SASL), \fBattributes\fR(5)
diff --git a/usr/src/man/man3sasl/sasl_client_init.3sasl b/usr/src/man/man3sasl/sasl_client_init.3sasl
new file mode 100644
index 0000000000..d3d95237cc
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_client_init.3sasl
@@ -0,0 +1,122 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_client_init 3SASL "22 Oct 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_client_init \- initialize SASL client authentication
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/sasl.h>
+
+\fBint\fR \fBsasl_client_init\fR(\fBconst sasl_callback_t *\fR\fIcallbacks\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+Use the \fBsasl_client_init()\fR interface to initialize SASL. The
+\fBsasl_client_init()\fR interface must be called before any calls to
+\fBsasl_client_start\fR(3SASL). The call to \fBsasl_client_init()\fR
+initiallizes all SASL client drivers, for example, authentication mechanisms.
+SASL client drivers are usually found in the \fB/usr/lib/sasl\fR directory.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIcallbacks\fR\fR
+.ad
+.RS 13n
+.rt  
+Specifies the base callbacks for all client connections.
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+\fBsasl_client_init()\fR returns an integer that corresponds to a SASL error
+code.
+.SH ERRORS
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_OK\fR\fR
+.ad
+.RS 17n
+.rt  
+The call to \fBsasl_client_init()\fR was successful.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_BADVERS\fR\fR
+.ad
+.RS 17n
+.rt  
+There is a mismatch in the mechanism version.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_BADPARAM\fR\fR
+.ad
+.RS 17n
+.rt  
+There is an error in the configuration file.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_NOMEM\fR\fR
+.ad
+.RS 17n
+.rt  
+There is not enough memory to complete the operation.
+.RE
+
+.sp
+.LP
+All other error codes indicate an error situation that must be handled, or the
+authentication session should be quit. See \fBsasl_errors\fR(3SASL) for
+information on SASL error codes.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelUnsafe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBsasl_errors\fR(3SASL), \fBattributes\fR(5)
+.SH NOTES
+.sp
+.LP
+While most of \fBlibsasl\fR is MT-Safe, no other \fBlibsasl\fR function should
+be called until this function completes.
diff --git a/usr/src/man/man3sasl/sasl_client_new.3sasl b/usr/src/man/man3sasl/sasl_client_new.3sasl
new file mode 100644
index 0000000000..152971af18
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_client_new.3sasl
@@ -0,0 +1,230 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_client_new 3SASL "27 Aug 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_client_new \- create a new client authentication object
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/sasl.h>
+
+\fBint\fR \fBsasl_client_new\fR(\fBconst char *\fR\fIservice\fR, \fBconst char *\fR\fIserverFQDN\fR,
+     \fBconst char *\fR\fIiplocalport\fR, \fBconst char *\fR\fIipremoteport\fR,
+     \fBconst sasl_callback_t *\fR\fIprompt_supp\fR, \fBunsigned\fR \fIflags\fR,
+     \fBsasl_conn_t **\fR\fIpconn\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+Use the \fBsasl_client_new()\fR interface to create a new SASL context. This
+SASL context will be used for all SASL calls for one connection. The context
+handles both authentication and the integrity and encryption layers after
+authentication.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIservice\fR\fR
+.ad
+.RS 16n
+.rt  
+The registered name of the service that uses SASL, usually the protocol name,
+for example, IMAP.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIserverFQDN\fR\fR
+.ad
+.RS 16n
+.rt  
+The fully qualified domain name of the server, for example, serverhost.cmu.edu.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIiplocalport\fR\fR
+.ad
+.RS 16n
+.rt  
+.sp
+.LP
+The IP and port of the local side of the connection, or \fINULL\fR. If
+\fIiplocalport\fR is \fINULL\fR, mechanisms that require IP address information
+are disabled. The \fIiplocalport\fR string must be in one of the following
+formats:
+.RS +4
+.TP
+.ie t \(bu
+.el o
+\fBa.b.c.d:port\fR (IPv6)
+.RE
+.RS +4
+.TP
+.ie t \(bu
+.el o
+\fB[e:f:g:h:i:j:k:l]:port\fR (IPv6)
+.RE
+.RS +4
+.TP
+.ie t \(bu
+.el o
+\fB[e:f:g:h:i:j:a.b.c.d]:port\fR (IPv6)
+.RE
+.RS +4
+.TP
+.ie t \(bu
+.el o
+\fBa.b.c.d;port\fR (IPv4)
+.RE
+.RS +4
+.TP
+.ie t \(bu
+.el o
+\fBe:f:g:h:i:j:k:l;port\fR (IPv6)
+.RE
+.RS +4
+.TP
+.ie t \(bu
+.el o
+\fBe:f:g:h:i:j:a.b.c.d;port\fR (IPv6)
+.RE
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIipremoteport\fR\fR
+.ad
+.RS 16n
+.rt  
+The IP and port of the remote side of the connection, or \fINULL\fR.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIprompt_supp\fR\fR
+.ad
+.RS 16n
+.rt  
+A list of the client interactions supported that are unique to this connection.
+If this parameter is \fINULL\fR, the global callbacks specified in
+\fBsasl_client_init\fR(3SASL) are used.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIflags\fR\fR
+.ad
+.RS 16n
+.rt  
+Usage flags. For clients, the flag \fBSASL_NEED_PROXY\fR is available.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIpconn\fR\fR
+.ad
+.RS 16n
+.rt  
+The connection context allocated by the library. The \fIpconn\fR structure is
+used for all future SASL calls for this connection.
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+\fBsasl_client_new()\fR returns an integer that corresponds to a SASL error
+code.
+.SH ERRORS
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_OK\fR\fR
+.ad
+.RS 17n
+.rt  
+The call to \fBsasl_client_new()\fR was successful.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_NOMECH\fR\fR
+.ad
+.RS 17n
+.rt  
+No mechanishm meets the requested properties.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_BADPARAM\fR\fR
+.ad
+.RS 17n
+.rt  
+There is an error in the configuration file or passed parameters.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_NOMEM\fR\fR
+.ad
+.RS 17n
+.rt  
+There is not enough memory to complete the operation.
+.RE
+
+.sp
+.LP
+All other error codes indicate an error situation that must be handled, or the
+authentication session should be quit. See \fBsasl_errors\fR(3SASL) for
+information on SASL error codes.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelSafe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBsasl_client_init\fR(3SASL), \fBsasl_errors\fR(3SASL), \fBattributes\fR(5)
diff --git a/usr/src/man/man3sasl/sasl_client_plug_init_t.3sasl b/usr/src/man/man3sasl/sasl_client_plug_init_t.3sasl
new file mode 100644
index 0000000000..2d2f51be6f
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_client_plug_init_t.3sasl
@@ -0,0 +1,125 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_client_plug_init_t 3SASL "27 Oct 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_client_plug_init_t \- client plug-in entry point
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/saslplug.h>
+
+\fBint\fR \fBsasl_client_plug_init_t\fR(\fBconst sasl_utils_t *\fR\fIutils\fR, \fBint\fR \fImax_version\fR,
+     \fBint *\fR\fIout_version\fR, \fBsasl_client_plug_t **\fR\fIpluglist\fR, \fBint *\fR\fIplugcount\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+The \fBsasl_client_plug_init_t()\fR callback function is the client plug-in
+entry point.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIutils\fR\fR
+.ad
+.RS 15n
+.rt  
+The utility callback functions.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fImax_version\fR\fR
+.ad
+.RS 15n
+.rt  
+The highest client plug-in version supported.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIout_version\fR\fR
+.ad
+.RS 15n
+.rt  
+The client plug-in version of the result..
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIpluglist\fR\fR
+.ad
+.RS 15n
+.rt  
+The list of client mechanism plug-ins.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIplugcount\fR\fR
+.ad
+.RS 15n
+.rt  
+The number of client mechanism plug-ins.
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+Like other SASL callback functions, \fBsasl_client_plug_init_t()\fR returns an
+integer that corresponds to a SASL error code. See <\fBsasl.h\fR> for a
+complete list of SASL error codes.
+.SH ERRORS
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_OK\fR\fR
+.ad
+.RS 11n
+.rt  
+The call to \fBsasl_client_plug_init_t()\fR was successful.
+.RE
+
+.sp
+.LP
+See \fBsasl_errors\fR(3SASL) for information on SASL error codes.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBsasl_errors\fR(3SASL), \fBattributes\fR(5)
diff --git a/usr/src/man/man3sasl/sasl_client_start.3sasl b/usr/src/man/man3sasl/sasl_client_start.3sasl
new file mode 100644
index 0000000000..a3b1347d75
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_client_start.3sasl
@@ -0,0 +1,155 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_client_start 3SASL "26 Aug 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_client_start \- perform a step in the authentication negotiation
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/sasl.h>
+
+\fBint\fR \fBsasl_client_start\fR(\fBsasl_conn_t *\fR\fIconn\fR, \fBconst char *\fR\fImechlist\fR,
+     \fBsasl_interact_t **\fR\fIprompt_need\fR, \fBconst char **\fR\fIclientout\fR,
+     \fBunsigned *\fR\fIclientoutlen\fR, \fBconst char **\fR\fImech\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+Use the \fBsasl_client_start()\fR interface to select a mechanism for
+authentication and start the authentication session. The \fImechlist\fR
+parameter holds the list of mechanisms that the client might like to use. The
+mechanisms in the list are not necessarily supported by the client, nor are the
+mechanisms necessarily valid. SASL determines which of the mechanisms to use
+based upon the security preferences specified earlier. The list of mechanisms
+is typically a list of mechanisms that the server supports, acquired from a
+capability request.
+.sp
+.LP
+If \fBSASL_INTERACT\fR is returned, the library needs some values to be filled
+in before it can proceed. The \fIprompt_need\fR structure is filled in with
+requests. The application fullfills these requests and calls
+\fBsasl_client_start()\fR again with identical parameters. The
+\fIprompt_need\fR parameter is the same pointer as before, but it is filled in
+by the application.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIconn\fR\fR
+.ad
+.RS 16n
+.rt  
+The SASL connection context.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fImechlist\fR\fR
+.ad
+.RS 16n
+.rt  
+A list of mechanism that the server has available. Punctuation is ignored.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIprompt_need\fR\fR
+.ad
+.RS 16n
+.rt  
+A list of prompts that are needed to continue, if necessary.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIclientout\fR\fR
+.ad
+.br
+.na
+\fB\fIclientoutlen\fR\fR
+.ad
+.RS 16n
+.rt  
+\fIclientout\fR and \fIclientoutlen\fR are created. They contain the initial
+client response to send to the server. It is the job of the client to send them
+over the network to the server. Any protocol specific encodingthat is
+necessary, for example \fBbase64\fR encoding, must be done by the client.
+.sp
+If the protocol lacks client-send-first capability, then set \fIclientout\fR to
+\fINULL\fR. If there is no initial client-send, then *\fIclientout\fR will be
+set to \fINULL\fR on return.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fImech\fR\fR
+.ad
+.RS 16n
+.rt  
+Contains the name of the chosen SASL mechanism, upon success.
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+\fBsasl_client_start()\fR returns an integer that corresponds to a SASL error
+code.
+.SH ERRORS
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_CONTINUE\fR\fR
+.ad
+.RS 17n
+.rt  
+The call to \fBsasl_client_start()\fR was successful, and more steps are needed
+in the authentication.
+.RE
+
+.sp
+.LP
+All other error codes indicate an error situation that must be handled, or the
+authentication session should be quit. See \fBsasl_errors\fR(3SASL) for
+information on SASL error codes.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+AvailablitySUNWlibsasl
+_
+Interface StabilityEvolving
+_
+MT-LevelSafe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBsasl_errors\fR(3SASL), \fBattributes\fR(5)
diff --git a/usr/src/man/man3sasl/sasl_client_step.3sasl b/usr/src/man/man3sasl/sasl_client_step.3sasl
new file mode 100644
index 0000000000..2fc5b2871d
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_client_step.3sasl
@@ -0,0 +1,174 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_client_step 3SASL "28 Aug 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_client_step \- acquire an auxiliary property context
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/sasl.h>
+
+\fBint\fR \fBsasl_client_step\fR(\fBsasl_conn_t *\fR\fIconn\fR, \fBconst char *\fR\fIserverin\fR,
+     \fBsasl_interact_t **\fR\fBunsigned\fR \fIserverinlen\fR, \fIprompt_need\fR,
+     \fBconst char **\fR\fIclientout\fR, \fBsasl_interact_t **\fR\fBunsigned *\fR\fIclientoutlen\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+Use the \fBsasl_client_step()\fR interface performs a step in the
+authentication negotiation. \fBsasl_client_step()\fR returns \fBSASL_OK\fR if
+the complete negotiation is successful. If the negotiation on step is completed
+successfuly, but at least one more step is required, \fBsasl_client_step()\fR
+returns \fBSASL_CONTINUE\fR. A client should not assume an authentication
+negotiaion is successful because the server signaled success through the
+protocol. For example, if the server signaled \fBOK Authentication succeeded\fR
+in IMAP, \fBsasl_client_step()\fR should be called one more time with a
+\fIserverinlen\fR of zero.
+.sp
+.LP
+If a call to \fBsasl_client_step()\fR returns \fBSASL_INTERACT\fR, the library
+requires some values before \fBsasl_client_step()\fR can proceed. The
+\fIprompt_need\fR structure will be filled with the requests. The application
+should fulfull these requests and call \fBsasl_client_step()\fR again with
+identical parameters. The \fIprompt_need\fR parameter will be the same pointer
+as before, but it will have been filled in by the application.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIconn\fR\fR
+.ad
+.RS 16n
+.rt  
+The SASL connection context.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIserverin\fR\fR
+.ad
+.RS 16n
+.rt  
+The data given by the server. The data is decoded if the protocol encodes
+requests sent over the wire.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIserverinlen\fR\fR
+.ad
+.RS 16n
+.rt  
+The length of the \fIserverin\fR.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIclientout\fR\fR
+.ad
+.br
+.na
+\fB\fIclientoutlen\fR\fR
+.ad
+.RS 16n
+.rt  
+\fIclientout\fR and \fIclientoutlen\fR are created. They contain the initial
+client response to send to the server. It is the job of the client to send them
+over the network to the server. Any protocol specific encodingthat is
+necessary, for example \fBbase64\fR encoding, must be done by the client.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIprompt_need\fR\fR
+.ad
+.RS 16n
+.rt  
+A list of prompts that are needed to continue, if necessary.
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+\fBsasl_client_step()\fR returns an integer that corresponds to a SASL error
+code.
+.SH ERRORS
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_OK\fR\fR
+.ad
+.RS 17n
+.rt  
+The call to \fBsasl_client_start()\fR was successful. Authentication is
+complete.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_CONTINUE\fR\fR
+.ad
+.RS 17n
+.rt  
+The call to \fBsasl_client_start()\fR was successful, but at least one more
+step is required for authentication.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_INTERACT\fR\fR
+.ad
+.RS 17n
+.rt  
+The library requires some values before \fBsasl_client_step()\fR can proceed.
+.RE
+
+.sp
+.LP
+All other error codes indicate an error situation that must be handled, or the
+authentication session should be quit. See \fBsasl_errors\fR(3SASL) for
+information on SASL error codes.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelSafe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBsasl_errors\fR(3SASL), \fBattributes\fR(5)
diff --git a/usr/src/man/man3sasl/sasl_decode.3sasl b/usr/src/man/man3sasl/sasl_decode.3sasl
new file mode 100644
index 0000000000..5f9172eb7e
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_decode.3sasl
@@ -0,0 +1,134 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_decode 3SASL "28 Aug 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_decode \- decode data received
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/sasl.h>
+
+\fBint\fR \fBsasl_decode\fR(\fBsasl_conn_t *\fR\fIconn\fR, \fBconst char *\fR\fIinput\fR, \fBunsigned\fR \fIinputlen\fR,
+     \fBconst char **\fR\fIoutput\fR, \fBunsigned *\fR\fIoutputlen\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+Use the \fBsasl_decode()\fR interface to decode data received. After
+authentication, call this function on all data received. The data is decoded
+from encrypted or signed form to plain data. If no security lay is negotiated,
+the output is identical to the input.
+.sp
+.LP
+Do not give \fBsasl_decode()\fR more data than the negotiated \fBmaxbufsize\fR.
+See \fBsasl_getprop\fR(3SASL).
+.sp
+.LP
+\fBsasl_decode()\fR can complete successfully although the value of
+\fIoutputlen\fR is zero. If this is the case, wait for more data and call
+\fBsasl_decode()\fR again.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIconn\fR\fR
+.ad
+.RS 13n
+.rt  
+The SASL connection context.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIinput\fR\fR
+.ad
+.RS 13n
+.rt  
+Data received.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIinputlen\fR\fR
+.ad
+.RS 13n
+.rt  
+The length of \fIinput\fR
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIoutput\fR\fR
+.ad
+.RS 13n
+.rt  
+The decoded data. \fIoutput\fR must be allocated or freed by the library.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIoutputlen\fR\fR
+.ad
+.RS 13n
+.rt  
+The length of \fIoutput\fR.
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+\fBsasl_decode()\fR returns an integer that corresponds to a SASL error code.
+.SH ERRORS
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_OK\fR\fR
+.ad
+.RS 11n
+.rt  
+The call to \fBsasl_decode()\fR was successful.
+.RE
+
+.sp
+.LP
+See \fBsasl_errors\fR(3SASL) for information on SASL error codes.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelSafe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBsasl_errors\fR(3SASL), \fBsasl_getprop\fR(3SASL), \fBattributes\fR(5)
diff --git a/usr/src/man/man3sasl/sasl_decode64.3sasl b/usr/src/man/man3sasl/sasl_decode64.3sasl
new file mode 100644
index 0000000000..06dd9e50d7
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_decode64.3sasl
@@ -0,0 +1,123 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_decode64 3SASL "16 Sep 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_decode64 \- decode base64 string
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/saslutil.h>
+
+\fBint\fR \fBsasl_decode64\fR(\fBconst char *\fR\fIin\fR, \fBunsigned\fR \fIinlen\fR, \fBchar *\fR\fIout\fR,
+     \fBunsigned\fR \fIoutmax\fR,\fBunsigned *\fR\fIoutlen\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+Use the \fBsasl_decode64()\fR interface to decode a base64 encoded buffer.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIin\fR\fR
+.ad
+.RS 10n
+.rt  
+Input data.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIinlen\fR\fR
+.ad
+.RS 10n
+.rt  
+The length of the input data.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIout\fR\fR
+.ad
+.RS 10n
+.rt  
+The output data. The value of \fIout\fR can be the same as \fIin\fR. However,
+there must be enough space.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIoutlen\fR\fR
+.ad
+.RS 10n
+.rt  
+The length of the actual output.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIoutmax\fR\fR
+.ad
+.RS 10n
+.rt  
+The maximum size of the output buffer.
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+\fBsasl_decode64()\fR returns an integer that corresponds to a SASL error code.
+.SH ERRORS
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_OK\fR\fR
+.ad
+.RS 11n
+.rt  
+The call to \fBsasl_decode64()\fR was successful.
+.RE
+
+.sp
+.LP
+See \fBsasl_errors\fR(3SASL) for information on SASL error codes.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBsasl_errors\fR(3SASL), \fBattributes\fR(5)
diff --git a/usr/src/man/man3sasl/sasl_dispose.3sasl b/usr/src/man/man3sasl/sasl_dispose.3sasl
new file mode 100644
index 0000000000..b4ca91c236
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_dispose.3sasl
@@ -0,0 +1,65 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_dispose 3SASL "14 Oct 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_dispose \- dispose of a SASL connection object
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/sasl.h>
+
+\fBvoid\fR  \fBsasl_dispose\fR(\fBsasl_conn_t **\fR\fIpconn\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+Use the \fBsasl_dispose()\fR interface when a SASL connection object is no
+longer needed. Generally, the SASL connection object is no longer needed when
+the protocol session is completed, not when authentication is completed, as a
+security layer may have been negotiated.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIpconn\fR\fR
+.ad
+.RS 9n
+.rt  
+The SASL connection context
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+\fBsasl_dispose()\fR has no return values.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelSafe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBattributes\fR(5)
diff --git a/usr/src/man/man3sasl/sasl_done.3sasl b/usr/src/man/man3sasl/sasl_done.3sasl
new file mode 100644
index 0000000000..9e92f1e70a
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_done.3sasl
@@ -0,0 +1,52 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_done 3SASL "1 Oct 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_done \- dispose of all SASL plug-ins
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/sasl.h>
+
+\fBvoid\fR  \fBsasl_encode\fR(void)
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+Make a call to the \fBsasl_done()\fR interface when the application is
+completely done with the SASL library. You must call \fBsasl_dispose\fR(3SASL)
+before you make a call to \fBsasl_done()\fR.
+.SH RETURN VALUES
+.sp
+.LP
+\fBsasl_done()\fR has no return values.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelSafe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBsasl_dispose\fR(3SASL), \fBattributes\fR(5)
diff --git a/usr/src/man/man3sasl/sasl_encode.3sasl b/usr/src/man/man3sasl/sasl_encode.3sasl
new file mode 100644
index 0000000000..ce67b691b8
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_encode.3sasl
@@ -0,0 +1,159 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_encode 3SASL "22 Oct 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_encode, sasl_encodev \- encode data for transport to an authenticated host
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/sasl.h>
+
+\fBint\fR \fBsasl_encode\fR(\fBsasl_conn_t *\fR\fIconn\fR, \fBconst char *\fR\fIinput\fR, \fBunsigned\fR \fIinputlen\fR,
+     \fBconst char **\fR\fIoutput\fR, \fBunsigned *\fR\fIoutputlen\fR);
+.fi
+
+.LP
+.nf
+\fBint\fR  \fBsasl_encodev\fR(\fBsasl_conn_t *\fR\fIconn\fR, \fBconst struct iovec *\fR\fIinvec\fR,
+     \fBunsigned\fR \fInumiov\fR, \fBconst char *\fR\fIoutputlen\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+The \fBsasl_encode()\fR interface encodes data to be sent to a remote host for
+which there has been a successful authentication session. If there is a
+negotiated security, the data is signed or encrypted, and the output is sent
+without modification to the remote host. If there is no security layer, the
+output is identical to the input.
+.sp
+.LP
+The \fBsasl_encodev()\fR interface functions the same as the
+\fBsasl_encode()\fR interface, but operates on a \fBstruct iovec\fR instead of
+a character buffer.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIconn\fR\fR
+.ad
+.RS 13n
+.rt  
+The SASL connection context.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIinput\fR\fR
+.ad
+.RS 13n
+.rt  
+Data.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIinputlen\fR\fR
+.ad
+.RS 13n
+.rt  
+\fIinput\fR length.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIoutput\fR\fR
+.ad
+.RS 13n
+.rt  
+The encoded data. \fIoutput\fR must be allocated or freed by the library.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIoutputlen\fR\fR
+.ad
+.RS 13n
+.rt  
+The length of \fIoutput\fR.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIinvec\fR\fR
+.ad
+.RS 13n
+.rt  
+A pointer to set of \fBiovec\fR structures.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fInumiov\fR\fR
+.ad
+.RS 13n
+.rt  
+The number of \fBiovec\fR structures in the \fIinvec\fR set.
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+\fBsasl_encode()\fR returns an integer that corresponds to a SASL error code.
+.SH ERRORS
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_OK\fR\fR
+.ad
+.RS 11n
+.rt  
+The call to \fBsasl_encode()\fR or \fBsasl_encodev()\fRwas successful.
+.RE
+
+.sp
+.LP
+See \fBsasl_errors\fR(3SASL) for information on SASL error codes.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelSafe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBattributes\fR(5)
diff --git a/usr/src/man/man3sasl/sasl_encode64.3sasl b/usr/src/man/man3sasl/sasl_encode64.3sasl
new file mode 100644
index 0000000000..4545422394
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_encode64.3sasl
@@ -0,0 +1,134 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_encode64 3SASL "16 Sep 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_encode64 \- encode base64 string
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/saslutil.h>
+
+\fBint\fR \fBsasl_encode64\fR(\fBconst char *\fR\fIin\fR, \fBunsigned\fR \fIinlen\fR, \fBchar *\fR\fIout\fR,
+     \fBunsigned\fR \fIoutmax\fR, \fBunsigned *\fR\fIoutlen\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+Use the \fBsasl_encode64()\fR interface to convert an octet string into a
+base64 string. This routine is useful for SASL profiles that use base64, such
+as the IMAP (IMAP4) and POP (POP_AUTH) profiles. The output is null-terminated.
+If \fIoutlen\fR is non-\fINULL\fR, the length is placed in the \fIoutlen\fR.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIin\fR\fR
+.ad
+.RS 10n
+.rt  
+Input data.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIinlen\fR\fR
+.ad
+.RS 10n
+.rt  
+The length of the input data.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIout\fR\fR
+.ad
+.RS 10n
+.rt  
+The output data. The value of \fIout\fR can be the same as \fIin\fR. However,
+there must be enough space.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIoutlen\fR\fR
+.ad
+.RS 10n
+.rt  
+The length of the actual output.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIoutmax\fR\fR
+.ad
+.RS 10n
+.rt  
+The maximum size of the output buffer.
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+\fBsasl_encode64()\fR returns an integer that corresponds to a SASL error code.
+.SH ERRORS
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_OK\fR\fR
+.ad
+.RS 16n
+.rt  
+The call to \fBsasl_encode64()\fR was successful.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_BUFOVER\fR\fR
+.ad
+.RS 16n
+.rt  
+The output buffer was too small.
+.RE
+
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBsasl_errors\fR(3SASL), \fBattributes\fR(5)
diff --git a/usr/src/man/man3sasl/sasl_erasebuffer.3sasl b/usr/src/man/man3sasl/sasl_erasebuffer.3sasl
new file mode 100644
index 0000000000..e6180bf5bf
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_erasebuffer.3sasl
@@ -0,0 +1,78 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_erasebuffer 3SASL "16 Sep 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_erasebuffer \- erase buffer
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/saslutil.h>
+
+\fBvoid\fR \fBsasl_erasebuffer\fR(\fBchar *\fR\fIpass\fR, \fBunsigned\fR \fIlen\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+Use the \fBsasl_erasebuffer()\fR interface to erase a security sensitive buffer
+or password. The implementation may use recovery-resistant erase logic.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIpass\fR\fR
+.ad
+.RS 8n
+.rt  
+A password
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIlen\fR\fR
+.ad
+.RS 8n
+.rt  
+The length of the password
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+The \fBsasl_erasebuffer()\fR interface returns no return values.
+.SH ERRORS
+.sp
+.LP
+None.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBattributes\fR(5)
diff --git a/usr/src/man/man3sasl/sasl_errdetail.3sasl b/usr/src/man/man3sasl/sasl_errdetail.3sasl
new file mode 100644
index 0000000000..6b3eae762a
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_errdetail.3sasl
@@ -0,0 +1,67 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_errdetail 3SASL "14 Oct 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_errdetail \- retrieve detailed information about an error
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/sasl.h>
+
+\fBconst char *\fR \fBsasl_errdetail\fR(\fBsasl_conn_t *\fR\fIconn\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+The \fBsasl_errdetail()\fR interface returns an internationalized string that
+is a message that describes the error that occurred on a SASL connection. The
+\fBsasl_errdetail()\fR interface provides a more user friendly error message
+than the SASL error code returned when SASL indicates that an error has
+occurred on a connection. See \fBsasl_errors\fR(3SASL).
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIconn\fR\fR
+.ad
+.RS 8n
+.rt  
+The SASL connection context for which the inquiry is made.
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+\fBsasl_errdetail()\fR returns the string that describes the error that
+occurred, or \fINULL\fR, if there was an error retrieving it.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelSafe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBsasl_errors\fR(3SASL), \fBsasl_seterror\fR(3SASL), \fBattributes\fR(5)
diff --git a/usr/src/man/man3sasl/sasl_errors.3sasl b/usr/src/man/man3sasl/sasl_errors.3sasl
new file mode 100644
index 0000000000..727f41f84a
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_errors.3sasl
@@ -0,0 +1,369 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_errors 3SASL "14 Oct 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_errors \- SASL error codes
+.SH SYNOPSIS
+.LP
+.nf
+#include <\fBsasl/sasl.h\fR>
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+This man page describes the general error codes that can be returned by calls
+into the SASL library. The meaning of the error code can vary slightly based
+upon the context of the call from which it is returned.
+.SH ERRORS
+.SS "Common Result Codes"
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_OK\fR\fR
+.ad
+.RS 17n
+.rt  
+The call was successful.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_CONTINUE\fR\fR
+.ad
+.RS 17n
+.rt  
+Another step is required for authentication.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_FAILURE\fR\fR
+.ad
+.RS 17n
+.rt  
+Generic failure.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_NOMEM\fR\fR
+.ad
+.RS 17n
+.rt  
+Memory shortage failure.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_BUFOVER\fR\fR
+.ad
+.RS 17n
+.rt  
+Overflowed buffer.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_NOMECH\fR\fR
+.ad
+.RS 17n
+.rt  
+The mechanism was not supported, or no mechanisms matched the requirements.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_BADPROT\fR\fR
+.ad
+.RS 17n
+.rt  
+The protocol was bad, invalid or cancelled.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_NOT DONE\fR\fR
+.ad
+.RS 17n
+.rt  
+Cannot request information. Not applicable until later in the exchange.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_BADPARAM\fR\fR
+.ad
+.RS 17n
+.rt  
+An invalid parameter was supplied.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_TRYAGAIN\fR\fR
+.ad
+.RS 17n
+.rt  
+Transient failure, for example, a weak key.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_BADMAC\fR\fR
+.ad
+.RS 17n
+.rt  
+Integrity check failed.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_NOTINIT\fR\fR
+.ad
+.RS 17n
+.rt  
+SASL library not initialized.
+.RE
+
+.SS "Client Only Result Codes"
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_INTERACT\fR\fR
+.ad
+.RS 18n
+.rt  
+Needs user interaction.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_BADSERV\fR\fR
+.ad
+.RS 18n
+.rt  
+Server failed mutual authentication step.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_WRONGMECH\fR\fR
+.ad
+.RS 18n
+.rt  
+Mechanism does not support the requested feature.
+.RE
+
+.SS "Server Only Result Codes"
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_BADAUTH\fR\fR
+.ad
+.RS 17n
+.rt  
+Authentication failure.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_NOAUTHZ\fR\fR
+.ad
+.RS 17n
+.rt  
+Authorization failure.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_TOOWEAK\fR\fR
+.ad
+.RS 17n
+.rt  
+The mechanism is too weak for this user.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_ENCRYPT\fR\fR
+.ad
+.RS 17n
+.rt  
+Encryption is needed to use this mechanism.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_TRANS\fR\fR
+.ad
+.RS 17n
+.rt  
+One time use of a plaintext password will enable requested mechanism for user.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_EXPIRED\fR\fR
+.ad
+.RS 17n
+.rt  
+The passphrase expired and must be reset.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_DISABLED\fR\fR
+.ad
+.RS 17n
+.rt  
+Account disabled.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_NOUSER\fR\fR
+.ad
+.RS 17n
+.rt  
+User not found.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_BADVERS\fR\fR
+.ad
+.RS 17n
+.rt  
+Version mismatch with plug-in.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_NOVERIFY\fR\fR
+.ad
+.RS 17n
+.rt  
+The user exists, but there is no verifier for the user.
+.RE
+
+.SS "Password Setting Result Codes"
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_PWLOCK\fR\fR
+.ad
+.RS 19n
+.rt  
+Passphrase locked.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_NOCHANGE\fR\fR
+.ad
+.RS 19n
+.rt  
+The requested change was not needed.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_WEAKPASS\fR\fR
+.ad
+.RS 19n
+.rt  
+The passphrase is too weak for security policy.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_NOUSERPASS\fR\fR
+.ad
+.RS 19n
+.rt  
+User supplied passwords are not permitted.
+.RE
+
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelSafe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBattributes\fR(5)
diff --git a/usr/src/man/man3sasl/sasl_errstring.3sasl b/usr/src/man/man3sasl/sasl_errstring.3sasl
new file mode 100644
index 0000000000..c988d6e51a
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_errstring.3sasl
@@ -0,0 +1,102 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_errstring 3SASL "14 Oct 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_errstring \- translate a SASL return code to a human-readable form
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/sasl.h>
+
+\fBconst char *\fR \fBsasl_errstring\fR(\fBint\fR \fIsaslerr\fR, \fBconst char *\fR\fIlanglist\fR,
+     \fBconst char **\fR\fIoutlang\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+The \fBsasl_errstring()\fR interface is called to convert a SASL return code
+from an integer into a human readable string.
+.sp
+.LP
+You should not used the \fBsasl_errstring()\fR interface to extract error code
+information from SASL. Applications should use \fBsasl_errdetail\fR(3SASL)
+instead, which contains this error information and more.
+.sp
+.LP
+The \fBsasl_errstring()\fR interface supports only \fBi-default\fR and
+\fBi-local\fR at this time.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIsaslerr\fR\fR
+.ad
+.RS 12n
+.rt  
+The error number to be translated.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIlanglist\fR\fR
+.ad
+.RS 12n
+.rt  
+A comma-separated list of languages. See \fIRFC 1766\fR. If the\fIlanglist\fR
+parameter has a\fINULL\fR value, the default language,\fBi-default\fR, is used.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIoutlang\fR\fR
+.ad
+.RS 12n
+.rt  
+The language actually used. The \fIoutlang\fR parameter can be \fINULL\fR. The
+returned error string is in \fBUTF-8\fR.
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+\fBsasl_errstring()\fR returns the string that describes the error that
+occurred, or \fINULL\fR, if there was an error retrieving it.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelSafe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBsasl_errors\fR(3SASL), \fBsasl_seterror\fR(3SASL), \fBattributes\fR(5)
+.sp
+.LP
+Alvestrand, H. \fIRFC 1766, Tags for the Identification of Languages\fR.
+Network Working Group. November 1995.
diff --git a/usr/src/man/man3sasl/sasl_getcallback_t.3sasl b/usr/src/man/man3sasl/sasl_getcallback_t.3sasl
new file mode 100644
index 0000000000..f9d4239434
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_getcallback_t.3sasl
@@ -0,0 +1,139 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_getcallback_t 3SASL "27 Oct 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_getcallback_t \- callback function to lookup a sasl_callback_t for a
+connection
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/saslplug.h>
+
+\fBint\fR \fBsasl_getcallback_t\fR(\fBsasl_conn_t *\fR\fIconn\fR, \fBunsigned long\fR \fIcallbacknum\fR,
+     \fBint\fR \fI(**proc)\fR( ), \fBvoid **\fR\fIpcontext\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+The \fBsasl_getcallback_t()\fR function is a callback to lookup a
+sasl_callback_t for a connection.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIconn\fR\fR
+.ad
+.RS 15n
+.rt  
+The connection to lookup a callback for.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIcallbacknum\fR\fR
+.ad
+.RS 15n
+.rt  
+The number of the callback.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIproc\fR\fR
+.ad
+.RS 15n
+.rt  
+Pointer to the callback function. The value of \fIproc\fR is set to \fINULL\fR
+upon failure.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIpcontext\fR\fR
+.ad
+.RS 15n
+.rt  
+Pointer to the callback context. The value of \fIpcontext\fR is set to
+\fINULL\fR upon failure.
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+Like other SASL callback functions, \fBsasl_getcallback_t()\fR returns an
+integer that corresponds to a SASL error code. See <\fBsasl.h\fR> for a
+complete list of SASL error codes.
+.SH ERRORS
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_OK\fR\fR
+.ad
+.RS 17n
+.rt  
+The call to \fBsasl_getcallback_t()\fR was successful.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_FAIL\fR\fR
+.ad
+.RS 17n
+.rt  
+Unable to find a callback of the requested type.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_INTERACT\fR\fR
+.ad
+.RS 17n
+.rt  
+The caller must use interaction to get data.
+.RE
+
+.sp
+.LP
+See \fBsasl_errors\fR(3SASL) for information on SASL error codes.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBsasl_errors\fR(3SASL), \fBattributes\fR(5)
diff --git a/usr/src/man/man3sasl/sasl_getopt_t.3sasl b/usr/src/man/man3sasl/sasl_getopt_t.3sasl
new file mode 100644
index 0000000000..088b19a99e
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_getopt_t.3sasl
@@ -0,0 +1,130 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_getopt_t 3SASL "27 Oct 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_getopt_t \- the SASL get option callback function
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/sasl.h>
+
+\fBint\fR \fBsasl_getopt_t\fR(\fBvoid *\fR\fIcontext\fR, \fBconst char *\fR\fIplugin_name\fR,
+     \fBconst char *\fR\fIoption\fR, \fBconst char **\fR\fIresult\fR, \fBunsigned *\fR\fIlen\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+The \fBsasl_getopt_t()\fR function allows a SASL configuration to be
+encapsulated in the caller's configuration system. Some implementations may use
+default configuration file(s) if this function is omitted. Configuration items
+are arbitrary strings and are plug-in specific.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIcontext\fR\fR
+.ad
+.RS 15n
+.rt  
+The option context from the callback record.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIplugin_name\fR\fR
+.ad
+.RS 15n
+.rt  
+The name of the plug-in. If the value of \fIplugin_name\fR is \fINULL\fR, the
+the plug-in is a general SASL option.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIoption\fR\fR
+.ad
+.RS 15n
+.rt  
+The name of the option.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIresult\fR\fR
+.ad
+.RS 15n
+.rt  
+The value of \fIresult\fR is set and persists until the next call to
+\fBsasl_getopt_t()\fR in the same thread. The value of \fIresult\fR is
+unchanged if \fIoption\fR is not found.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIlen\fR\fR
+.ad
+.RS 15n
+.rt  
+The length of \fIresult\fR. The value of \fIresult\fR can be \fINULL\fR.
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+Like other SASL callback functions, \fBsasl_getopt_t()\fR returns an integer
+that corresponds to a SASL error code. See <\fBsasl.h\fR> for a complete list
+of SASL error codes.
+.SH ERRORS
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_OK\fR\fR
+.ad
+.RS 11n
+.rt  
+The call to \fBsasl_getopt_t()\fR was successful.
+.RE
+
+.sp
+.LP
+See \fBsasl_errors\fR(3SASL) for information on SASL error codes.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBsasl_errors\fR(3SASL), \fBattributes\fR(5)
diff --git a/usr/src/man/man3sasl/sasl_getpath_t.3sasl b/usr/src/man/man3sasl/sasl_getpath_t.3sasl
new file mode 100644
index 0000000000..6564c9b4d7
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_getpath_t.3sasl
@@ -0,0 +1,95 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_getpath_t 3SASL "27 Oct 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_getpath_t \- the SASL callback function to indicate location of the
+security mechanism drivers
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/sasl.h>
+
+\fBint\fR \fBsasl_getpath_t\fR(\fBvoid *\fR\fIcontext\fR, \fBchar **\fR\fIpath\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+Use the \fBsasl_getpath_t()\fR function to enable the application to use a
+different location for the SASL security mechanism drivers, which are shared
+library files. If the \fBsasl_getpath_t()\fR callback is not used, SASL uses
+\fB/usr/lib/sasl\fR by default.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIcontext\fR\fR
+.ad
+.RS 11n
+.rt  
+The getpath context from the callback record
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIpath\fR\fR
+.ad
+.RS 11n
+.rt  
+The path(s) for the location of the SASL security mechanism drivers. The values
+for \fIpath\fR are colon-separated.
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+Like other SASL callback functions, \fBsasl_getpath_t()\fR returns an integer
+that corresponds to a SASL error code. See <\fBsasl.h\fR> for a complete list
+of SASL error codes.
+.SH ERRORS
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_OK\fR\fR
+.ad
+.RS 11n
+.rt  
+The call to \fBsasl_getpath_t()\fR was successful.
+.RE
+
+.sp
+.LP
+See \fBsasl_errors\fR(3SASL) for information on SASL error codes.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBsasl_errors\fR(3SASL), \fBattributes\fR(5)
diff --git a/usr/src/man/man3sasl/sasl_getprop.3sasl b/usr/src/man/man3sasl/sasl_getprop.3sasl
new file mode 100644
index 0000000000..c7c0d8b3dc
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_getprop.3sasl
@@ -0,0 +1,233 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_getprop 3SASL "14 Oct 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_getprop \- get a SASL property
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/sasl.h>
+
+\fBint\fR \fBsasl_getprop\fR(\fBsasl_conn_t *\fR\fIconn\fR, \fBint\fR \fIpropnum\fR, \fBconst void **\fR\fIpvalue\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+Use the \fBsasl_getprop()\fR interface to get the value of a SASL property. For
+example, after successful authentication, a server may want to know the
+authorization name. Similarly, a client application may want to know the
+strength of the security level that was negotiated.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIconn\fR\fR
+.ad
+.RS 11n
+.rt  
+The SASL connection context.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIpropnum\fR\fR
+.ad
+.RS 11n
+.rt  
+The identifier for the property requested.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIpvalue\fR\fR
+.ad
+.RS 11n
+.rt  
+The value of the SASL property. This value is filled in upon a successful call.
+Possible SASL values include:
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_USERNAME\fR\fR
+.ad
+.RS 21n
+.rt  
+A pointer to a null-terminated user name.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_SSF\fR\fR
+.ad
+.RS 21n
+.rt  
+The security layer security strength factor. If the value of \fBSASL_SSF\fR is
+0, a call to \fBsasl_encode()\fR or \fBsasl_decode()\fR is unnecessary.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_MAXOUTBUF\fR\fR
+.ad
+.RS 21n
+.rt  
+The maximum size of output buffer returned by the selected security mechanism
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_DEFUSERREALM\fR\fR
+.ad
+.RS 21n
+.rt  
+Server authentication realm used.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_GETOPTCTX\fR\fR
+.ad
+.RS 21n
+.rt  
+The context for \fBgetopt()\fR callback.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_IPLOCALPORT\fR\fR
+.ad
+.RS 21n
+.rt  
+Local address string.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_IPREMOTEPORT\fR\fR
+.ad
+.RS 21n
+.rt  
+Remote address string.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_SERVICE\fR\fR
+.ad
+.RS 21n
+.rt  
+Service passed on to \fBsasl_*_new()\fR.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_SERVERFQDN\fR\fR
+.ad
+.RS 21n
+.rt  
+Server FQDN passed on to \fBsasl_*_new()\fR.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_AUTHSOURCE\fR\fR
+.ad
+.RS 21n
+.rt  
+Name of authentication source last used. Useful for failed authentication
+tracking.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_MECHNAME\fR\fR
+.ad
+.RS 21n
+.rt  
+Active mechanism name, if any.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_PLUGERR\fR\fR
+.ad
+.RS 21n
+.rt  
+Similar to \fBsasl_errdetail()\fR.
+.RE
+
+.RE
+
+.SH ERRORS
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_OK\fR\fR
+.ad
+.RS 11n
+.rt  
+The call to \fBsasl_getprop()\fR was successful.
+.RE
+
+.sp
+.LP
+See \fBsasl_errors\fR(3SASL) for information on SASL error codes.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBsasl_errors\fR(3SASL), \fBattributes\fR(5)
diff --git a/usr/src/man/man3sasl/sasl_getrealm_t.3sasl b/usr/src/man/man3sasl/sasl_getrealm_t.3sasl
new file mode 100644
index 0000000000..026ee7a087
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_getrealm_t.3sasl
@@ -0,0 +1,121 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_getrealm_t 3SASL "27 Oct 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_getrealm_t \- the realm acquisition callback function
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/sasl.h>
+
+\fBint\fR \fBsasl_getrealm_t\fR(\fBvoid *\fR\fIcontext\fR, \fBint\fR \fIid\fR, \fBconst char **\fR\fIavailrealms\fR,
+     \fBconst char **\fR\fIresult\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+Use the \fBsasl_getrealm_t()\fR functionwhen there is an interaction with
+\fBSASL_CB_GETREALM\fR as the type.
+.sp
+.LP
+If a mechanism would use this callback, but it is not present, then the first
+realm listed is automatically selected. A mechanism can still force the
+existence of a getrealm callback by \fBSASL_CB_GETREALM\fR to its
+\fBrequired_prompts\fR list.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIcontext\fR\fR
+.ad
+.RS 15n
+.rt  
+The context from the callback record
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIid\fR\fR
+.ad
+.RS 15n
+.rt  
+The callback ID (\fBSASL_CB_GETREALM\fR)
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIavailrealms\fR\fR
+.ad
+.RS 15n
+.rt  
+A string list of the vailable realms. \fIavailrealms\fR is a null-terminated
+sting that can be empty.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIresult\fR\fR
+.ad
+.RS 15n
+.rt  
+The chosen realm. \fIresult\fR is a null-terminated string.
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+Like other SASL callback functions, \fBsasl_getrealm_t()\fR returns an integer
+that corresponds to a SASL error code. See <\fBsasl.h\fR> for a complete list
+of SASL error codes.
+.SH ERRORS
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_OK\fR\fR
+.ad
+.RS 11n
+.rt  
+The call to \fBsasl_getrealm_t()\fR was successful.
+.RE
+
+.sp
+.LP
+See \fBsasl_errors\fR(3SASL) for information on SASL error codes.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBsasl_errors\fR(3SASL), \fBattributes\fR(5)
diff --git a/usr/src/man/man3sasl/sasl_getsecret_t.3sasl b/usr/src/man/man3sasl/sasl_getsecret_t.3sasl
new file mode 100644
index 0000000000..02bc39fbdb
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_getsecret_t.3sasl
@@ -0,0 +1,121 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_getsecret_t 3SASL "27 Oct 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_getsecret_t \- the SASL callback function for secrets (passwords)
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/sasl.h>
+
+\fBint\fR \fBsasl_getsecret_t\fR(\fBsasl_conn_t *\fR\fIconn\fR, \fBvoid *\fR\fIcontext\fR,
+     \fBint\fR \fIid\fR, \fBsasl_secret_t **\fR\fIpsecret\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+Use the \fBsasl_getsecret_t()\fR function to retrieve the secret from the
+application. Allocate a \fBsasl_secret_t\fR to length
+\fBsizeof(sasl_secret_t)+<length of secret>\fR. \fBsasl_secret_t\fR has two
+fields of \fIlen\fR which contain the length of \fIsecret\fR in bytes and the
+data contained in \fIsecret\fR. The \fIsecret\fR string does not need to be
+null-terminated.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIconn\fR\fR
+.ad
+.RS 11n
+.rt  
+The connection context
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIcontext\fR\fR
+.ad
+.RS 11n
+.rt  
+The context from the callback structure
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIid\fR\fR
+.ad
+.RS 11n
+.rt  
+The callback ID
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIpsecret\fR\fR
+.ad
+.RS 11n
+.rt  
+To cancel, set the value of \fIpsecret\fR to \fINULL\fR. Otherwise, set the
+value to the password structure. The structure must persist until the next call
+to \fBsasl_getsecret_t()\fR in the same connection. Middleware erases password
+data when it is done with it.
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+Like other SASL callback functions, \fBsasl_getsecret_t()\fR returns an integer
+that corresponds to a SASL error code. See <\fBsasl.h\fR> for a complete list
+of SASL error codes.
+.SH ERRORS
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_OK\fR\fR
+.ad
+.RS 11n
+.rt  
+The call to \fBsasl_getsecret_t()\fR was successful.
+.RE
+
+.sp
+.LP
+See \fBsasl_errors\fR(3SASL) for information on SASL error codes.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBsasl_errors\fR(3SASL), \fBattributes\fR(5)
diff --git a/usr/src/man/man3sasl/sasl_getsimple_t.3sasl b/usr/src/man/man3sasl/sasl_getsimple_t.3sasl
new file mode 100644
index 0000000000..d15953207b
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_getsimple_t.3sasl
@@ -0,0 +1,164 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_getsimple_t 3SASL "27 Oct 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_getsimple_t \- the SASL callback function for username, authname and realm
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/sasl.h>
+
+\fBint\fR \fBsasl_getsimple_t\fR(\fBvoid *\fR\fIcontext\fR, \fBint\fR \fIid\fR, \fBconst char **\fR\fIresult\fR,
+     \fBunsigned *\fR\fIlen\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+Use the \fBsasl_getsimple_t()\fR callback function to retrieve simple data from
+the application such as the authentication name, the authorization name, and
+the realm. The \fIid\fR parameter indicates which value is requested.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIcontext\fR\fR
+.ad
+.RS 11n
+.rt  
+The context from the callback structure.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIid\fR\fR
+.ad
+.RS 11n
+.rt  
+The callback ID. Possible values for \fIid\fR include:
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_CB_USER\fR\fR
+.ad
+.RS 20n
+.rt  
+Client user identity for login.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_CB_AUTHNAME\fR\fR
+.ad
+.RS 20n
+.rt  
+Client authentication name.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_CB_LANGUAGE\fR\fR
+.ad
+.RS 20n
+.rt  
+Comma-separated list of languages pursuant to \fIRFC 1766\fR.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_CB_CNONCE\fR\fR
+.ad
+.RS 20n
+.rt  
+The client-nonce. This value is used primarily for testing.
+.RE
+
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIresult\fR\fR
+.ad
+.RS 11n
+.rt  
+To cancel user, set the value of \fIresult\fR with a null-terminated string. If
+the value of \fIresult\fR is \fINULL\fR, then the user is cancelled.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIlen\fR\fR
+.ad
+.RS 11n
+.rt  
+The length of \fIresult\fR.
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+Like other SASL callback functions, \fBsasl_getsimple_t()\fR returns an integer
+that corresponds to a SASL error code. See <\fBsasl.h\fR> for a complete list
+of SASL error codes.
+.SH ERRORS
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_OK\fR\fR
+.ad
+.RS 11n
+.rt  
+The call to \fBsasl_getsimple_t()\fR was successful.
+.RE
+
+.sp
+.LP
+See \fBsasl_errors\fR(3SASL) for information on SASL error codes.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBsasl_errors\fR(3SASL), \fBattributes\fR(5)
+.sp
+.LP
+Alvestrand, H. \fIRFC 1766, Tags for the Identification of Languages\fR.
+Network Working Group. November 1995.
diff --git a/usr/src/man/man3sasl/sasl_global_listmech.3sasl b/usr/src/man/man3sasl/sasl_global_listmech.3sasl
new file mode 100644
index 0000000000..6c50b97379
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_global_listmech.3sasl
@@ -0,0 +1,53 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_global_listmech 3SASL "1 Oct 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_global_listmech \- retrieve a list of the supported SASL mechanisms
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/sasl.h>
+
+\fBconst char **\fR \fBsasl_global_listmech\fR(\fB\fR \fI \fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+The \fBsasl_global_listmech()\fR interface to returns a null-terminated array
+of strings that lists all of the mechanisms that are loaded by either the
+client or server side of the library.
+.SH RETURN VALUES
+.sp
+.LP
+A successful call to \fBsasl_global_listmech()\fR returns a pointer the array.
+On failure, \fINULL\fR is returned. The SASL library is uninitialized.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityObsolete
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBattributes\fR(5)
diff --git a/usr/src/man/man3sasl/sasl_idle.3sasl b/usr/src/man/man3sasl/sasl_idle.3sasl
new file mode 100644
index 0000000000..474cac24c2
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_idle.3sasl
@@ -0,0 +1,86 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_idle 3SASL "28 Aug 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_idle \- perform precalculations during an idle period
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/sasl.h>
+
+\fBint\fR \fBsasl_idle\fR(\fBsasl_conn_t *\fR\fIconn\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+Use the \fBsasl_idle()\fR interface during an idle period to allow the SASL
+library or any mechanisms to perform any necessary precalculation.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIconn\fR\fR
+.ad
+.RS 8n
+.rt  
+The SASL connection context. The value of \fIconn\fR can be \fINULL\fR in order
+to complete a precalculation before the connection takes place.
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+\fBsasl_idle()\fR returns the following values:
+.sp
+.ne 2
+.mk
+.na
+\fB\fB1\fR\fR
+.ad
+.RS 5n
+.rt  
+Indicates action was taken
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB0\fR\fR
+.ad
+.RS 5n
+.rt  
+Indicates no action was taken
+.RE
+
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBattributes\fR(5)
diff --git a/usr/src/man/man3sasl/sasl_listmech.3sasl b/usr/src/man/man3sasl/sasl_listmech.3sasl
new file mode 100644
index 0000000000..8dcb954221
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_listmech.3sasl
@@ -0,0 +1,166 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_listmech 3SASL "14 Oct 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_listmech \- retrieve a list of the supported SASL mechanisms
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/sasl.h>
+
+\fBint\fR \fBsasl_listmech\fR(\fBsasl_conn_t *\fR\fIconn\fR, \fBconst char *\fR\fIuser\fR, \fBconst char *\fR\fIprefix\fR,
+     \fBconst char *\fR\fIsep\fR, \fBconst char *\fR\fIsuffix\fR, \fBconst char **\fR\fIresult\fR,
+     \fBunsigned *\fR\fIplen\fR,\fBint *\fR\fIpcount\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+The \fBsasl_listmech()\fR interface returns a string listing the SASL names of
+all the mechanisms available to the specified user. This call is typically
+given to the client through a capability command or initial server response.
+Client applications need this list so that they know what mechanisms the server
+supports.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIconn\fR\fR
+.ad
+.RS 10n
+.rt  
+The SASL context for this connection user restricts the mechanism list to those
+mechanisms available to the user. This parameter is optional.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIuser\fR\fR
+.ad
+.RS 10n
+.rt  
+Restricts security mechanisms to those available to that user. The value of
+\fIuser\fR may be \fINULL\fR, and it is not used if called by the client
+application.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIprefix\fR\fR
+.ad
+.RS 10n
+.rt  
+Appended to the beginning of \fIresult\fR.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIsep\fR\fR
+.ad
+.RS 10n
+.rt  
+Appended between mechanisms.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIsuffix\fR\fR
+.ad
+.RS 10n
+.rt  
+Appended to the end of \fIresult\fR.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIresult\fR\fR
+.ad
+.RS 10n
+.rt  
+A null-terminated result string. \fIresult\fR must be allocated or freed by the
+library.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIplen\fR\fR
+.ad
+.RS 10n
+.rt  
+The length of the result filled in by the library. The value of \fIplen\fR may
+be \fINULL\fR.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIpcount\fR\fR
+.ad
+.RS 10n
+.rt  
+The number of mechanisms available. The value of \fIpcount\fR is filled in by
+the library. The value of \fIpcount\fR may be \fINULL\fR
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+\fBsasl_listmech()\fR returns an integer that corresponds to a SASL error code.
+.SH ERRORS
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_OK\fR\fR
+.ad
+.RS 11n
+.rt  
+The call to \fBsasl_listmech()\fR was successful.
+.RE
+
+.sp
+.LP
+See \fBsasl_errors\fR(3SASL) for information on SASL error codes.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBsasl_errors\fR(3SASL), \fBattributes\fR(5)
diff --git a/usr/src/man/man3sasl/sasl_log_t.3sasl b/usr/src/man/man3sasl/sasl_log_t.3sasl
new file mode 100644
index 0000000000..6317a49a3f
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_log_t.3sasl
@@ -0,0 +1,191 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_log_t 3SASL "27 Oct 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_log_t \- the SASL logging callback function
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/sasl.h>
+
+\fBint\fR \fBsasl_log_t\fR(\fBvoid *\fR\fIcontext\fR, \fBint\fR \fIlevel\fR, \fBconst char *\fR\fImessage\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+Use the \fBsasl_log_t()\fR function to log warning and error messages from the
+SASL library. \fBsyslog\fR(3C) is used, unless another logging function is
+specified.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIcontext\fR\fR
+.ad
+.RS 11n
+.rt  
+The logging context from the callback record.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIlevel\fR\fR
+.ad
+.RS 11n
+.rt  
+The logging level. Possible values for \fIlevel\fR include:
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_LOG_NONE\fR\fR
+.ad
+.RS 18n
+.rt  
+Do not log anything.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_LOG_ERR\fR\fR
+.ad
+.RS 18n
+.rt  
+Log unusual errors. This is the default log level.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_LOG_FAIL\fR\fR
+.ad
+.RS 18n
+.rt  
+Log all authentication failures.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_LOG_WARN\fR\fR
+.ad
+.RS 18n
+.rt  
+Log non-fatal warnings.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_LOG_NOTE\fR\fR
+.ad
+.RS 18n
+.rt  
+Log non-fatal warnings (more verbose than \fBSASL_LOG_WARN\fR).
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_LOG_DEBUG\fR\fR
+.ad
+.RS 18n
+.rt  
+Log non-fatal warnings (more verbose than \fBSASL_LOG_NOTE\fR).
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_LOG_TRACE\fR\fR
+.ad
+.RS 18n
+.rt  
+Log traces of internal protocols.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_LOG_PASS\fR\fR
+.ad
+.RS 18n
+.rt  
+Log traces of internal protocols, including passwords.
+.RE
+
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fImessage\fR\fR
+.ad
+.RS 11n
+.rt  
+The message to log
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+Like other SASL callback functions, \fBsasl_log_t()\fR returns an integer that
+corresponds to a SASL error code. See <\fBsasl.h\fR> for a complete list of
+SASL error codes.
+.SH ERRORS
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_OK\fR\fR
+.ad
+.RS 11n
+.rt  
+The call to \fBsasl_log_t()\fR was successful.
+.RE
+
+.sp
+.LP
+See \fBsasl_errors\fR(3SASL) for information on SASL error codes.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBsasl_errors\fR(3SASL), \fBsyslog\fR(3C), \fBattributes\fR(5)
diff --git a/usr/src/man/man3sasl/sasl_server_add_plugin.3sasl b/usr/src/man/man3sasl/sasl_server_add_plugin.3sasl
new file mode 100644
index 0000000000..f6956863b4
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_server_add_plugin.3sasl
@@ -0,0 +1,114 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_server_add_plugin 3SASL "1 Oct 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_server_add_plugin \- add a SASL server plug-in
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/saslplug.h>
+
+\fBint\fR \fBsasl_server_add_plugin\fR(\fBconst char *\fR\fIplugname\fR,
+     \fBsasl_server_plug_init_t *\fR\fIcplugfunc\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+Use the \fBsasl_server_add_plugin()\fR interface to add a server plug-in to the
+current list of client plug-ins in the SASL library.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIplugname\fR\fR
+.ad
+.RS 13n
+.rt  
+The name of the server plug-in.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIcplugfunc\fR\fR
+.ad
+.RS 13n
+.rt  
+The value of \fIcplugfunc\fR is filled in by the \fBsasl_server_plug_init_t\fR
+structure.
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+\fBsasl_server_add_plugin()\fR returns an integer that corresponds to a SASL
+error code.
+.SH ERRORS
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_OK\fR\fR
+.ad
+.RS 16n
+.rt  
+The call to \fBsasl_client_add_plugin()\fR was successful.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_BADVERS\fR\fR
+.ad
+.RS 16n
+.rt  
+Version mismatch with plug-in.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_NOMEM\fR\fR
+.ad
+.RS 16n
+.rt  
+Memory shortage failure.
+.RE
+
+.sp
+.LP
+See \fBsasl_errors\fR(3SASL) for information on other SASL error codes.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBsasl_errors\fR(3SASL), \fBattributes\fR(5)
diff --git a/usr/src/man/man3sasl/sasl_server_init.3sasl b/usr/src/man/man3sasl/sasl_server_init.3sasl
new file mode 100644
index 0000000000..b6ab0c2310
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_server_init.3sasl
@@ -0,0 +1,109 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_server_init 3SASL "22 Oct 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_server_init \- SASL server authentication initialization
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/sasl.h>
+
+\fBint\fR \fBsasl_server_init\fR(\fBconst sasl_callback *\fR\fIcallbacks\fR, \fBconst char *\fR\fIappname\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+Use the \fBsasl_server_init()\fR interface to initialize SASL. You must call
+\fBsasl_server_init()\fR before you make a call to \fBsasl_server_start()\fR.
+\fBsasl_server_init()\fR may be called only once per process. A call to
+\fBsasl_server_init()\fR initializes all SASL mechanism drivers, that is, the
+authentication mechanisms. The SASL mechanism drivers are usually found in the
+\fB/usr/lib/sasl\fR directory.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIcallbacks\fR\fR
+.ad
+.RS 13n
+.rt  
+Specifies the base callbacks for all client connections.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIappname\fR\fR
+.ad
+.RS 13n
+.rt  
+The name of the application for lower level logging. For example, the sendmail
+server calls \fIappname\fR this way:
+.sp
+.in +2
+.nf
+sasl_server_init(srvcallbacks, "Sendmail")
+.fi
+.in -2
+
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+\fBsasl_server_init()\fR returns an integer that corresponds to a SASL error
+code.
+.SH ERRORS
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_OK\fR\fR
+.ad
+.RS 11n
+.rt  
+The call to \fBsasl_server_init()\fR was successful.
+.RE
+
+.sp
+.LP
+All other error codes indicate an error situation that must be handled, or the
+authentication session should be quit. See \fBsasl_errors\fR(3SASL) for
+information on SASL error codes.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelUnsafe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBsasl_errors\fR(3SASL), \fBattributes\fR(5)
+.SH NOTES
+.sp
+.LP
+While most of \fBlibsasl\fR is MT-Safe, no other \fBlibsasl\fR function should
+be called until this function completes.
diff --git a/usr/src/man/man3sasl/sasl_server_new.3sasl b/usr/src/man/man3sasl/sasl_server_new.3sasl
new file mode 100644
index 0000000000..e4c9a3fee7
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_server_new.3sasl
@@ -0,0 +1,214 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_server_new 3SASL "14 Oct 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_server_new \- create a new server authentication object
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/sasl.h>
+
+\fBint\fR \fBsasl_server_new\fR(\fBconst char  *\fR\fIservice\fR, \fBconst char  *\fR\fIserverFQDN\fR,
+     \fBconst char  *\fR\fIuser_realm\fR, \fBconst char  *\fR\fIiplocalport\fR,
+     \fBconst char  *\fR\fIipremoteport\fR, \fBconst sasl_callback_t *\fR\fIcallbacks\fR,
+     \fBunsigned\fR \fIflags\fR, \fBsasl_conn_t **\fR\fIpconn\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+Use the \fBsasl_server_new()\fR interface to create a new SASL context. This
+context will be used for all SASL calls for one connection. The new SASL
+context handles both authentication and integrity or encryption layers after
+authentication.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIservice\fR\fR
+.ad
+.RS 16n
+.rt  
+The registered name of the service that uses SASL. The registered name is
+usually the protocol name, for example, IMAP.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIserverFQDN\fR\fR
+.ad
+.RS 16n
+.rt  
+The fully-qualified server domain name. If the value of \fIserverFQDN\fR is
+\fINULL\fR, use \fBgethostname\fR(3C). The \fIserverFQDN\fR parameter is useful
+for multi-homed servers.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIuser_realm\fR\fR
+.ad
+.RS 16n
+.rt  
+The domain of the user agent. The \fIuser_realm\fR is usually not necessary.
+The default value of \fIuser_realm\fR is \fINULL\fR.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIiplocalport\fR\fR
+.ad
+.RS 16n
+.rt  
+.sp
+.LP
+The IP address and port of the local side of the connection. The value of
+\fIiplocalport\fR may be \fINULL\fR. If \fIiplocalport\fR is \fINULL\fR,
+mechanisms that require IP address information are disabled. The
+\fIiplocalport\fR string must be in one of the following formats:
+.RS +4
+.TP
+.ie t \(bu
+.el o
+\fBa.b.c.d:port\fR (IPv4)
+.RE
+.RS +4
+.TP
+.ie t \(bu
+.el o
+\fB[e:f:g:h:i:j:k:l]:port\fR (IPv6)
+.RE
+.RS +4
+.TP
+.ie t \(bu
+.el o
+\fB[e:f:g:h:i:j:a.b.c.d]:port\fR (IPv6)
+.RE
+.sp
+.LP
+The following older formats are also supported:
+.RS +4
+.TP
+.ie t \(bu
+.el o
+\fBa.b.c.d;port\fR (IPv4)
+.RE
+.RS +4
+.TP
+.ie t \(bu
+.el o
+\fBe:f:g:h:i:j:k:l;port\fR (IPv6)
+.RE
+.RS +4
+.TP
+.ie t \(bu
+.el o
+\fBe:f:g:h:i:j:a.b.c.d;port\fR (IPv6)
+.RE
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIipremoteport\fR\fR
+.ad
+.RS 16n
+.rt  
+The IP address and port of the remote side of the connection. The value of
+\fIipremoteport\fR may be \fINULL\fR. See \fIiplocalport\fR.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIcallbacks\fR\fR
+.ad
+.RS 16n
+.rt  
+Callbacks, for example: authorization, lang, and new getopt context.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIflags\fR\fR
+.ad
+.RS 16n
+.rt  
+Usage flags. For servers, the flags \fBSASL_NEED_PROXY\fR and
+\fBSASL_SUCCESS_DATA\fR are available.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIpconn\fR\fR
+.ad
+.RS 16n
+.rt  
+A pointer to the connection context allocated by the library. This structure
+will be used for all future SASL calls for this connection.
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+\fBsasl_server_new()\fR returns an integer that corresponds to a SASL error
+code.
+.SH ERRORS
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_OK\fR\fR
+.ad
+.RS 11n
+.rt  
+The call to \fBsasl_server_new()\fR was successful.
+.RE
+
+.sp
+.LP
+All other error codes indicate an error situation that must be handled, or the
+authentication session should be quit. See \fBsasl_errors\fR(3SASL) for
+information on SASL error codes.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBgethostname\fR(3C), \fBsasl_errors\fR(3SASL), \fBattributes\fR(5)
diff --git a/usr/src/man/man3sasl/sasl_server_plug_init_t.3sasl b/usr/src/man/man3sasl/sasl_server_plug_init_t.3sasl
new file mode 100644
index 0000000000..a14012bb18
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_server_plug_init_t.3sasl
@@ -0,0 +1,125 @@
+'\" te
+.\" Copyright (c) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (c) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_server_plug_init_t 3SASL "27 Oct 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_server_plug_init_t \- server plug-in entry point
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/saslplug.h>
+
+\fBint\fR \fBsasl_server_plug_init_t\fR(\fBconst sasl_utils_t *\fR\fIutils\fR, \fBint\fR \fImax_version\fR,
+     \fBint *\fR\fIout_version\fR, \fBsasl_client_plug_t **\fR\fIpluglist\fR, \fBint *\fR\fIplugcount\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+The \fBsasl_server_plug_init_t()\fR callback function is the server plug-in
+entry point.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIutils\fR\fR
+.ad
+.RS 15n
+.rt  
+The utility callback functions.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fImax_version\fR\fR
+.ad
+.RS 15n
+.rt  
+The highest server plug-in version supported.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIout_version\fR\fR
+.ad
+.RS 15n
+.rt  
+The server plug-in version of the result.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIpluglist\fR\fR
+.ad
+.RS 15n
+.rt  
+The list of server mechanism plug-ins.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIplugcount\fR\fR
+.ad
+.RS 15n
+.rt  
+The number of server mechanism plug-ins.
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+Like other SASL callback functions, \fBsasl_server_plug_init_t()\fR returns an
+integer that corresponds to a SASL error code. See <\fBsasl.h\fR> for a
+complete list of SASL error codes.
+.SH ERRORS
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_OK\fR\fR
+.ad
+.RS 11n
+.rt  
+The call to \fBsasl_server_plug_init_t()\fR was successful.
+.RE
+
+.sp
+.LP
+See \fBsasl_errors\fR(3SASL) for information on SASL error codes.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBsasl_errors\fR(3SASL), \fBattributes\fR(5)
diff --git a/usr/src/man/man3sasl/sasl_server_start.3sasl b/usr/src/man/man3sasl/sasl_server_start.3sasl
new file mode 100644
index 0000000000..2ee8bdab5c
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_server_start.3sasl
@@ -0,0 +1,158 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_server_start 3SASL "1 Oct 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_server_start \- create a new server authentication object
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/sasl.h>
+
+\fBint\fR \fBsasl_server_start\fR(\fBsasl_conn_t *\fR\fIconn\fR, \fBconst char  *\fR\fImech\fR,
+     \fBconst char  *\fR\fIclientin\fR,\ \fBunsigned *\fR\fIclientinlen\fR,
+     \fBconst char  **\fR\fIserverout\fR, \fBunsigned *\fR\fIserveroutlen\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+The \fBsasl_server_start()\fR interface begins the authentication with the
+mechanism specified by the \fImech\fR parameter. \fBsasl_server_start()\fR
+fails if the mechanism is not supported.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIconn\fR\fR
+.ad
+.RS 16n
+.rt  
+The SASL context for this connection.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fImech\fR\fR
+.ad
+.RS 16n
+.rt  
+The mechanism name that the client requested.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIclientin\fR\fR
+.ad
+.RS 16n
+.rt  
+The initial response from the client. The value of \fIclientin\fR is \fINULL\fR
+if the protocol lacks support for the client-send-first or if the other end did
+not have an initial send. No initial client send is distinct from an initial
+send of a null string. The protocol must account for this difference.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIclientinlen\fR\fR
+.ad
+.RS 16n
+.rt  
+The length of the initial response.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIserverout\fR\fR
+.ad
+.RS 16n
+.rt  
+Created by the plugin library. The value of \fIserverout\fR is the initial
+server response to send to the client. \fIserverout\fR is allocated or freed by
+the library. It is the job of the client to send it over the network to the
+server. Protocol specific encoding, for example \fBbase64\fR encoding, must be
+done by the server.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIserveroutlen\fR\fR
+.ad
+.RS 16n
+.rt  
+The length of the initial server challenge.
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+\fBsasl_server_start()\fR returns an integer that corresponds to a SASL error
+code.
+.SH ERRORS
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_OK\fR\fR
+.ad
+.RS 17n
+.rt  
+Authentication completed successfully.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_CONTINUE\fR\fR
+.ad
+.RS 17n
+.rt  
+The call to \fBsasl_server_start()\fR was successful, and more steps are needed
+in the authentication.
+.RE
+
+.sp
+.LP
+All other error codes indicate an error situation that must be handled, or the
+authentication session should be quit. See \fBsasl_errors\fR(3SASL) for
+information on SASL error codes.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBgethostname\fR(3C), \fBsasl_errors\fR(3SASL), \fBattributes\fR(5)
diff --git a/usr/src/man/man3sasl/sasl_server_step.3sasl b/usr/src/man/man3sasl/sasl_server_step.3sasl
new file mode 100644
index 0000000000..052f767e56
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_server_step.3sasl
@@ -0,0 +1,132 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_server_step 3SASL "14 Oct 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_server_step \- perform a step in the server authentication negotiation
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/sasl.h>
+
+\fBint\fR \fBsasl_server_step\fR(\fBsasl_conn_t *\fR\fIconn\fR, \fBconst char  *\fR\fIclientin\fR,
+     \fBunsigned\fR \fIclientinlen\fR, \fBconst char  **\fR\fIserverout\fR,
+     \fBunsigned *\fR\fIserveroutlen\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+The \fBsasl_server_step()\fR performs a step in the authentication negotiation.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIconn\fR\fR
+.ad
+.RS 16n
+.rt  
+The SASL context for this connection.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIclientin\fR\fR
+.ad
+.RS 16n
+.rt  
+The data given by the client. The data is decoded if the protocol encodes
+requests that are sent over the wire.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIclientinlen\fR\fR
+.ad
+.RS 16n
+.rt  
+The length of \fIclientin\fR.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIserverout\fR\fR
+.ad
+.br
+.na
+\fB\fIserveroutlen\fR\fR
+.ad
+.RS 16n
+.rt  
+Set by the library and sent to the client.
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+\fBsasl_server_step()\fR returns an integer that corresponds to a SASL error
+code.
+.SH ERRORS
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_OK\fR\fR
+.ad
+.RS 17n
+.rt  
+The whole authentication completed successfully.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_CONTINUE\fR\fR
+.ad
+.RS 17n
+.rt  
+The call to \fBsasl_server_step()\fR was successful, and at least one more step
+is needed for the authentication.
+.RE
+
+.sp
+.LP
+All other error codes indicate an error situation that you must handle, or you
+should quit the authentication session. See \fBsasl_errors\fR(3SASL) for
+information on SASL error codes.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBsasl_errors\fR(3SASL), \fBattributes\fR(5)
diff --git a/usr/src/man/man3sasl/sasl_server_userdb_checkpass_t.3sasl b/usr/src/man/man3sasl/sasl_server_userdb_checkpass_t.3sasl
new file mode 100644
index 0000000000..1a5c903ec0
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_server_userdb_checkpass_t.3sasl
@@ -0,0 +1,138 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_server_userdb_checkpass_t 3SASL "27 Oct 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_server_userdb_checkpass_t \- plaintext password verification callback
+function
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/sasl.h>
+
+\fBint\fR \fBsasl_sasl_server_userdb_checkpass_t\fR(\fBsasl_conn_t *\fR\fIconn\fR, \fBvoid *\fR\fIcontext\fR,
+     \fBconst char *\fR\fIuser\fR, \fBconst char *\fR\fIpass\fR, \fBunsigned\fR \fIpasslen\fR, \fBstruct propctx *\fR\fIpropctx\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+Use the \fBsasl_sasl_server_userdb_checkpass_t()\fR callback function to verify
+a plaintext password against the callback supplier's user database.
+Verification allows additional ways to encode the \fBuserPassword\fR property.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIconn\fR\fR
+.ad
+.RS 11n
+.rt  
+The SASL connection context.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIcontext\fR\fR
+.ad
+.RS 11n
+.rt  
+The context from the callback record.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIuser\fR\fR
+.ad
+.RS 11n
+.rt  
+A null-terminated user name with \fBuser@realm\fR syntax.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIpass\fR\fR
+.ad
+.RS 11n
+.rt  
+The password to check. This string cannot be null-terminated.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIpasslen\fR\fR
+.ad
+.RS 11n
+.rt  
+The length of \fIpass\fR.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIpropctx\fR\fR
+.ad
+.RS 11n
+.rt  
+The property context to fill in with \fBuserPassword\fR.
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+Like other SASL callback functions, \fBsasl_server_userdb_checkpass_t()\fR
+returns an integer that corresponds to a SASL error code. See <\fBsasl.h\fR>
+for a complete list of SASL error codes.
+.SH ERRORS
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_OK\fR\fR
+.ad
+.RS 11n
+.rt  
+The call to \fBsasl_server_userdb_checkpass_t()\fR was successful.
+.RE
+
+.sp
+.LP
+See \fBsasl_errors\fR(3SASL) for information on SASL error codes.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBsasl_errors\fR(3SASL), \fBattributes\fR(5)
diff --git a/usr/src/man/man3sasl/sasl_server_userdb_setpass_t.3sasl b/usr/src/man/man3sasl/sasl_server_userdb_setpass_t.3sasl
new file mode 100644
index 0000000000..5437f1bd37
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_server_userdb_setpass_t.3sasl
@@ -0,0 +1,150 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_server_userdb_setpass_t 3SASL "27 Oct 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_server_userdb_setpass_t \- user database plaintext password setting
+callback function
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/sasl.h>
+
+\fBint\fR \fBsasl_server_userdb_setpass_t\fR(\fBsasl_conn_t *\fR\fIconn\fR, \fBvoid *\fR\fIcontext\fR,
+     \fBconst char *\fR\fIuser\fR, \fBconst char *\fR\fIpass\fR, \fBunsigned\fR \fIpasslen\fR, \fBstruct propctx *\fR\fIpropctx\fR,
+     \fBunsigned\fR \fIflags\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+Use the \fBsasl_server_userdb_setpass_t()\fR callback function to store or
+change a a plaintext password in the callback supplier's user database.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIconn\fR\fR
+.ad
+.RS 11n
+.rt  
+The SASL connection context.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIcontext\fR\fR
+.ad
+.RS 11n
+.rt  
+The context from the callback record.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIuser\fR\fR
+.ad
+.RS 11n
+.rt  
+A null-terminated user name with \fBuser@realm\fR syntax.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIpass\fR\fR
+.ad
+.RS 11n
+.rt  
+The password to check. This string cannot be null-terminated.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIpasslen\fR\fR
+.ad
+.RS 11n
+.rt  
+The length of \fIpass\fR.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIpropctx\fR\fR
+.ad
+.RS 11n
+.rt  
+Auxiliary properties. The value of \fIpropctx\fR is not stored.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIflags\fR\fR
+.ad
+.RS 11n
+.rt  
+See \fBsasl_setpass\fR(3SASL). \fBsasl_server_userdb_setpass_t()\fR uses the
+same \fIflags\fR that are passed to \fBsasl_setpass()\fR.
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+Like other SASL callback functions, \fBsasl_server_userdb_setpass_t()\fR
+returns an integer that corresponds to a SASL error code. See <\fBsasl.h\fR>
+for a complete list of SASL error codes.
+.SH ERRORS
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_OK\fR\fR
+.ad
+.RS 11n
+.rt  
+The call to \fBsasl_server_userdb_setpass_t()\fR was successful.
+.RE
+
+.sp
+.LP
+See \fBsasl_errors\fR(3SASL) for information on SASL error codes.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBsasl_errors\fR(3SASL), \fBsasl_setpass\fR(3SASL), \fBattributes\fR(5)
diff --git a/usr/src/man/man3sasl/sasl_set_alloc.3sasl b/usr/src/man/man3sasl/sasl_set_alloc.3sasl
new file mode 100644
index 0000000000..0e3740fb1b
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_set_alloc.3sasl
@@ -0,0 +1,102 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_set_alloc 3SASL "22 Oct 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_set_alloc \- set the memory allocation functions used by the SASL library
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/sasl.h>
+
+\fBvoid\fR \fBsasl_set_alloc\fR(\fBsasl_malloc_t *\fR\fIm\fR, \fBsasl_calloc_t *\fR\fIc\fR, \fBsasl_realloc_t *\fR\fIr\fR,
+     \fBsasl_free_t *\fR\fIf\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+Use the \fBsasl_set_alloc()\fR interface to set the memory allocation routines
+that the SASL library and plug-ins will use.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIc\fR\fR
+.ad
+.RS 5n
+.rt  
+A pointer to a \fBcalloc()\fR function
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIf\fR\fR
+.ad
+.RS 5n
+.rt  
+A pointer to a \fBfree()\fR function
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIm\fR\fR
+.ad
+.RS 5n
+.rt  
+A pointer to a\fBmalloc()\fR function
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIr\fR\fR
+.ad
+.RS 5n
+.rt  
+A pointer to a \fBrealloc()\fR function
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+\fBsasl_set_alloc()\fR has no return values.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityObsolete
+_
+MT-LevelUnsafe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBattributes\fR(5)
+.SH NOTES
+.sp
+.LP
+While most of \fBlibsasl\fR is MT-Safe, \fBsasl_set_*\fR modifies the global
+state and should be considered Unsafe.
diff --git a/usr/src/man/man3sasl/sasl_set_mutex.3sasl b/usr/src/man/man3sasl/sasl_set_mutex.3sasl
new file mode 100644
index 0000000000..c4e8d9d89d
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_set_mutex.3sasl
@@ -0,0 +1,102 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_set_mutex 3SASL "22 Oct 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_set_mutex \- set the mutex lock functions used by the SASL library
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/sasl.h>
+
+\fBvoid\fR \fBsasl_set_mutex\fR(\fBsasl_mutex_alloc_t *\fR\fIa\fR, \fBsasl_mutex_lock_t *\fR\fIl\fR,
+     \fBsasl_mutex_unlock_t *\fR\fIu\fR, \fBsasl_mutex_free_t *\fR\fIf\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+Use the \fBsasl_set_mutex()\fR interface to set the mutex lock routines that
+the SASL library and plug-ins will use.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIa\fR\fR
+.ad
+.RS 5n
+.rt  
+A pointer to the mutex lock allocation function
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIf\fR\fR
+.ad
+.RS 5n
+.rt  
+A pointer to the mutex free or destroy function
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIl\fR\fR
+.ad
+.RS 5n
+.rt  
+A pointer to the mutex lock function
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIu\fR\fR
+.ad
+.RS 5n
+.rt  
+A pointer to the mutex unlock function
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+\fBsasl_set_mutex()\fR has no return values.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityObsolete
+_
+MT-LevelUnsafe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBattributes\fR(5)
+.SH NOTES
+.sp
+.LP
+While most of \fBlibsasl\fR is MT-Safe, \fBsasl_set_*\fR modifies the global
+state and should be considered Unsafe.
diff --git a/usr/src/man/man3sasl/sasl_seterror.3sasl b/usr/src/man/man3sasl/sasl_seterror.3sasl
new file mode 100644
index 0000000000..5e193bffc9
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_seterror.3sasl
@@ -0,0 +1,108 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_seterror 3SASL "14 Oct 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_seterror \- set the error string
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/sasl.h>
+
+\fBvoid\fR \fBsasl_seterror\fR(\fBsasl_conn_t *\fR\fIconn\fR, \fBunsigned\fR \fIflags\fR,
+     \fBconst char *\fR\fIfmt\fR, ...);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+The \fBsasl_seterror()\fR interface sets the error string that will be returned
+by \fBsasl_errdetail\fR(3SASL). Use \fBsyslog\fR(3C) style formatting, that is,
+use \fBprintf()\fR\(emstyle with \fB%m\fR as the most recent \fBerrno\fR error.
+.sp
+.LP
+The \fBsasl_seterror()\fR interface is primarily used by server callback
+functions and internal plug-ins, for example, with the \fBsasl_authorize_t\fR
+callback. The \fBsasl_seterror()\fR interface triggers a call to the SASL
+logging callback, if any, with a level of \fBSASL_LOG_FAIL\fR, unless the
+\fBSASL_NOLOG\fR flag is set.
+.sp
+.LP
+Make the message string sensitive to the current language setting. If there is
+no \fBSASL_CB_LANGUAGE\fR callback, message strings must be \fBi-default\fR.
+Otherwise, UTF-8 is used. Use of \fIRFC 2482\fR for mixed-language text is
+encouraged.
+.sp
+.LP
+If the value of \fIconn\fR is \fINULL\fR, the \fBsasl_seterror()\fR interface
+fails.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIconn\fR\fR
+.ad
+.RS 9n
+.rt  
+The \fBsasl_conn_t\fR for which the call to \fBsasl_seterror()\fR applies.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIflags\fR\fR
+.ad
+.RS 9n
+.rt  
+If set to \fBSASL_NOLOG\fR, the call to \fBsasl_seterror()\fR is not logged.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIfmt\fR\fR
+.ad
+.RS 9n
+.rt  
+A \fBsyslog\fR(3C) style format string.
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+\fBsasl_seterror()\fR has no return values.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBsasl_errdetail\fR(3SASL), \fBsyslog\fR(3C), \fBattributes\fR(5)
+.sp
+.LP
+Whistler, K. and Adams, G. \fIRFC 2482, Language Tagging in Unicode Plain
+Text\fR. Network Working Group. January 1999.
diff --git a/usr/src/man/man3sasl/sasl_setpass.3sasl b/usr/src/man/man3sasl/sasl_setpass.3sasl
new file mode 100644
index 0000000000..feb6690460
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_setpass.3sasl
@@ -0,0 +1,150 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_setpass 3SASL "15 Oct 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_setpass \- set the password for a user
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/sasl.h>
+
+\fBint\fR \fBsasl_setpass\fR(\fBsasl_conn_t *\fR\fIconn\fR, \fBconst char *\fR\fIuser\fR, \fBconst char *\fR\fIpass\fR,
+     \fBunsigned\fR \fIpasslen\fR, \fBconst char *\fR\fIoldpass\fR, \fBunsigned\fR \fIoldpasslen\fR,
+     \fBunsigned\fR \fIflags\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+Use the \fBsasl_setpass()\fR interface to set passwords. \fBsasl_setpass()\fR
+uses the \fBSASL_CB_SERVER_USERDB_SETPASS\fR callback, if one is supplied.
+Additionally, if any server mechanism plugins supply a setpass callback, the
+setpass callback would be called. None of the server mechanism plugins
+currently supply a setpass callback.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIconn\fR\fR
+.ad
+.RS 14n
+.rt  
+The SASL connection context
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIuser\fR\fR
+.ad
+.RS 14n
+.rt  
+The username for which the password is set
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIpass\fR\fR
+.ad
+.RS 14n
+.rt  
+The password to set
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIpasslen\fR\fR
+.ad
+.RS 14n
+.rt  
+The length of \fIpass\fR
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIoldpass\fR\fR
+.ad
+.RS 14n
+.rt  
+The old password, which is optional
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIoldpasslen\fR\fR
+.ad
+.RS 14n
+.rt  
+The length of \fIoldpass\fR, which is optional
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIflags\fR\fR
+.ad
+.RS 14n
+.rt  
+Refers to flags, including, \fBSASL_SET_CREATE\fR and \fBSASL_SET_DISABLE\fR.
+Use these flags to create and disable accounts.
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+\fBsasl_setpass()\fR returns an integer that corresponds to a SASL error code.
+.SH ERRORS
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_OK\fR\fR
+.ad
+.RS 11n
+.rt  
+The call to \fBsasl_setpass()\fR was successful.
+.RE
+
+.sp
+.LP
+See \fBsasl_errors\fR(3SASL) for information on SASL error codes.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBsasl_errors\fR(3SASL), \fBsasl_getprop\fR(3SASL), \fBattributes\fR(5)
diff --git a/usr/src/man/man3sasl/sasl_setprop.3sasl b/usr/src/man/man3sasl/sasl_setprop.3sasl
new file mode 100644
index 0000000000..1c090bca5f
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_setprop.3sasl
@@ -0,0 +1,175 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_setprop 3SASL "14 Oct 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_setprop \- set a SASL property
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/sasl.h>
+
+\fBint\fR \fBsasl_setprop\fR(\fBsasl_conn_t *\fR\fIconn\fR, \fBint\fR \fIpropnum\fR, \fBconst void *\fR\fIpvalue\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+Use the \fBsasl_setprop()\fR interface to set the value of a SASL property. For
+example, an application can use \fBsasl_setprop()\fR to tell the SASL liabrary
+about any external negotiated security layer like TLS.
+.sp
+.LP
+\fBsasl_setprop()\fR uses the following flags.
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_AUTH_EXTERNAL\fR\fR
+.ad
+.RS 22n
+.rt  
+External authentication ID that is a pointer of type \fBconst char\fR
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_SSF_EXTERNAL\fR\fR
+.ad
+.RS 22n
+.rt  
+External SSF active of type \fBsasl_ssf_t\fR
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_DEFUSERREALM\fR\fR
+.ad
+.RS 22n
+.rt  
+User realm that is a pointer of type \fBconst char\fR
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_SEC_PROPS\fR\fR
+.ad
+.RS 22n
+.rt  
+\fBsasl_security_properties_t\fR, that can be freed after the call
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_IPLOCALPORT\fR\fR
+.ad
+.RS 22n
+.rt  
+A string that describes the local ip and port in the form \fBa.b.c.d:p\fR or
+\fB[e:f:g:h:i:j:k:l]:port\fR or one of the older forms, \fBa.b.c.d;p\fR or
+\fBe:f:g:j:i:j:k:l;port\fR
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_IPREMOTEPORT\fR\fR
+.ad
+.RS 22n
+.rt  
+A string that describes the remote ip and port in the form \fBa.b.c.d:p\fR or
+\fB[e:f:g:h:i:j:k:l]:port\fR or one of the older forms, \fBa.b.c.d;p\fR or
+\fBe:f:g:j:i:j:k:l;port\fR
+.RE
+
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIconn\fR\fR
+.ad
+.RS 11n
+.rt  
+The SASL connection context
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIpropnum\fR\fR
+.ad
+.RS 11n
+.rt  
+The identifier for the property requested
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIpvalue\fR\fR
+.ad
+.RS 11n
+.rt  
+Contains a pointer to the data. The application must ensure that the data type
+is correct, or the application can crash.
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+\fBsasl_setprop()\fR returns an integer that corresponds to a SASL error code.
+.SH ERRORS
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_OK\fR\fR
+.ad
+.RS 11n
+.rt  
+The call to \fBsasl_setprop()\fR was successful.
+.RE
+
+.sp
+.LP
+See \fBsasl_errors\fR(3SASL) for information on SASL error codes.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBsasl_errors\fR(3SASL), \fBattributes\fR(5)
diff --git a/usr/src/man/man3sasl/sasl_utf8verify.3sasl b/usr/src/man/man3sasl/sasl_utf8verify.3sasl
new file mode 100644
index 0000000000..07ba02612b
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_utf8verify.3sasl
@@ -0,0 +1,99 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_utf8verify 3SASL "1 Oct 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_utf8verify \- encode base64 string
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/saslutil.h>
+
+\fBint\fR \fBsasl_utf8verify\fR(\fBconst char *\fR\fIstr\fR, \fBunsigned\fR \fIlen\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+Use the \fBsasl_utf8verify()\fR interface to verify that a string is valid
+UTF-8 and does not contain \fINULL\fR, a carriage return, or a linefeed. If
+\fIlen\fR ==0, \fBstrlen\fR(\fIstr\fR) will be used.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIstr\fR\fR
+.ad
+.RS 7n
+.rt  
+A string
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIlen\fR\fR
+.ad
+.RS 7n
+.rt  
+The length of the string
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+\fBsasl_utf8verify()\fR returns an integer that corresponds to a SASL error
+code.
+.SH ERRORS
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_OK\fR\fR
+.ad
+.RS 16n
+.rt  
+The call to \fBsasl_utf8verify()\fR was successful.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_BADPROT\fR\fR
+.ad
+.RS 16n
+.rt  
+There was invalid UTF-8, or an error was found.
+.RE
+
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBattributes\fR(5)
diff --git a/usr/src/man/man3sasl/sasl_verifyfile_t.3sasl b/usr/src/man/man3sasl/sasl_verifyfile_t.3sasl
new file mode 100644
index 0000000000..72eb99e8e0
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_verifyfile_t.3sasl
@@ -0,0 +1,112 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_verifyfile_t 3SASL "27 Oct 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_verifyfile_t \- the SASL file verification callback function
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/sasl.h>
+
+typedef enum {
+       SASL_VRFY_PLUGIN,       /* a DLL/shared library plugin */
+       SASL_VRFY_CONF,         /* a configuration file */
+       SASL_VRFY_PASSWD,       /* a password storage file */
+       SASL_VRFY_OTHER         /* some other file type */
+} sasl_verify_tyep_t
+
+\fBint\fR \fBsasl_verifyfile_t\fR(\fBvoid *\fR\fIcontext\fR, \fBconst char *\fR\fIfile\fR,
+     \fBsasl_verifyfile_t\fR \fItype\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+Use the \fBsasl_verifyfile_t()\fR callback function check whether a given file
+can be used by the SASL library. Applications use \fBsasl_verifyfile_t()\fR to
+check the environment to ensure that plugins or configuration files cannot be
+written to.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIcontext\fR\fR
+.ad
+.RS 11n
+.rt  
+The context from the callback record
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIfile\fR\fR
+.ad
+.RS 11n
+.rt  
+The full path of the file to verify
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fItype\fR\fR
+.ad
+.RS 11n
+.rt  
+The type of the file
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+Like other SASL callback functions, \fBsasl_verifyfile_t()\fR returns an
+integer that corresponds to a SASL error code. See <\fBsasl.h\fR> for a
+complete list of SASL error codes.
+.SH ERRORS
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSASL_OK\fR\fR
+.ad
+.RS 11n
+.rt  
+The call to \fBsasl_verifyfile_t()\fR was successful.
+.RE
+
+.sp
+.LP
+See \fBsasl_errors\fR(3SASL) for information on SASL error codes.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBsasl_errors\fR(3SASL), \fBattributes\fR(5)
diff --git a/usr/src/man/man3sasl/sasl_version.3sasl b/usr/src/man/man3sasl/sasl_version.3sasl
new file mode 100644
index 0000000000..77a3e328c6
--- /dev/null
+++ b/usr/src/man/man3sasl/sasl_version.3sasl
@@ -0,0 +1,75 @@
+'\" te
+.\" Copyright (C) 1998-2003, Carnegie Mellon Univeristy.  All Rights Reserved.
+.\" Portions Copyright (C) 2003, Sun Microsystems,
+.\" Inc. All Rights Reserved
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH sasl_version 3SASL "14 Oct 2003" "SunOS 5.11" "Simple Authentication Security Layer Library Functions"
+.SH NAME
+sasl_version \- get SASL library version information
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR ... ] \fIfile\fR ... \fB-lsasl\fR   [ \fIlibrary\fR ... ]
+#include <sasl/sasl.h>
+
+\fBvoid\fR \fBsasl_version\fR(\fBconst char **\fR\fIimplementation\fR, \fBint *\fR\fIversion\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+Use the \fBsasl_version()\fR interface to obtain the version of the SASL
+library.
+.SH PARAMETERS
+.sp
+.ne 2
+.mk
+.na
+\fB\fIimplementation\fR\fR
+.ad
+.RS 18n
+.rt  
+A vendor-defined string that describes the implementation. The value of
+\fIimplementation\fRreturned is \fBSun SASL\fR.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fIversion\fR\fR
+.ad
+.RS 18n
+.rt  
+A vendor-defined represetation of the version number.
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+The \fBsasl_version()\fR interface has no return values.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i) 
+lw(2.75i) |lw(2.75i) 
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityEvolving
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBattributes\fR(5)