Simple authentication and security layer (SASL) is the term for a framework of mechanisms that allow for secured authentication to take place over an unencrypted or encrypted communications channel. SASL is one of two ways a client can securely authenticate with Active Directory.
Windows domains are most commonly configured to take advantage of SASL authentication over an unencrypted communications channel. The default SASL mechanism used for authentication is Kerberos V5, in which a series of encrypted tickets are exchanged between the authenticating client and the domain controller.
See Also