You are here: Administrator's Guide > Securing FME Server > Connecting to Active Directory > Useful Concepts for Active Directory Configurations > SASL Authentication

SASL Authentication

Simple authentication and security layer (SASL) is the term for a framework of mechanisms that allow for secured authentication to take place over an unencrypted or encrypted communications channel. SASL is one of two ways a client can securely authenticate with Active Directory.

Windows domains are most commonly configured to take advantage of SASL authentication over an unencrypted communications channel. The default SASL mechanism used for authentication is Kerberos V5, in which a series of encrypted tickets are exchanged between the authenticating client and the domain controller.

FME Server currently supports two SASL mechanisms, Kerberos V5 and MD5 message digest.

To enable SASL authentication, see SECURITY_AD_USE_SASL_AUTHENTICATION.