The SCRAM-SHA-1 mechanism is designed to provide (almost) the same capabilities as CRAM-MD5 and DIGEST-MD5, but uses modern cryptographic techniques such as HMAC-SHA-1 hashing and PKCS#5 PBKDF2 key derivation. SCRAM-SHA-1 supports authorization identities. Like CRAM-MD5 and DIGEST-MD5, only a hashed password is transferred, never the cleartext password. Consequently, SCRAM-SHA-1 needs access to the correct password to verify the client response.
In the client, this mechanism is always enabled, and it requires the
GSASL_AUTHID property, and either GSASL_PASSWORD or
GSASL_SCRAM_SALTED_PASSWORD. If set, GSASL_AUTHZID will
be used by the client. To be able to return the proper
GSASL_SCRAM_SALTED_PASSWORD value, the client needs to check
the GSASL_SCRAM_ITER and GSASL_SCRAM_SALT values, which
are available at the time the GSASL_SCRAM_SALTED_PASSWORD property is
queried.
In the server, the mechanism will require the GSASL_PASSWORD
callback property, which may use the GSASL_AUTHID property to
determine which user's password should be used. The
GSASL_AUTHID will be in normalized form. The server will then
normalize the returned password, and compare the client response with
the computed correct response, and accept the user accordingly. The
server may also set the GSASL_SCRAM_ITER and
GSASL_SCRAM_SALT properties to influence the values to be used
by clients to derive a key from a password.
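The following is an added, self-contained example of the client and server sides described above; it is not libgsasl code but an implementation of the RFC 5802 exchange using only the Python standard library, with the roles of the properties mapped onto it: the client holds the authid plus either the password or a precomputed salted password (the GSASL_AUTHID / GSASL_PASSWORD / GSASL_SCRAM_SALTED_PASSWORD split), and the server looks the password up by authid (the GSASL_PASSWORD callback) and chooses the salt and iteration count the client must use (GSASL_SCRAM_SALT / GSASL_SCRAM_ITER). The names `hi`, `derive_keys`, `ScramClient`, `ScramServer` and `run_exchange` are this example's own. It assumes UTF-8 in place of SASLprep normalization, does no attribute escaping of the authid, and, like the page, uses the "n" (no channel binding) GS2 flag only. The sample inputs are the RFC 5802 test vector (user "user", password "pencil", fixed nonces and salt), so the transcript can be checked against the RFC.

```python
import base64
import hashlib
import hmac
import os

SHA1 = hashlib.sha1


def b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


def hi(password: str, salt: bytes, iterations: int) -> bytes:
    """Hi() from RFC 5802: PBKDF2-HMAC-SHA-1 with a 20-byte output (the salted password)."""
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, iterations, 20)


def derive_keys(salted_password: bytes):
    """ClientKey, StoredKey and ServerKey as defined in RFC 5802 section 3."""
    client_key = hmac.new(salted_password, b"Client Key", SHA1).digest()
    stored_key = SHA1(client_key).digest()
    server_key = hmac.new(salted_password, b"Server Key", SHA1).digest()
    return client_key, stored_key, server_key


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def parse(msg: str) -> dict:
    """Split 'k=v,k=v' SCRAM attributes (this example does not handle =2C/=3D escapes)."""
    return dict(part.split("=", 1) for part in msg.split(","))


class ScramClient:
    """Client: needs the authid and either the password or a precomputed salted password."""

    def __init__(self, authid, password=None, salted_password=None, authzid=None, nonce=None):
        self.authid, self.password, self.salted = authid, password, salted_password
        self.authzid = authzid
        self.nonce = nonce or b64(os.urandom(18))

    def client_first(self) -> str:
        # GS2 header: "n" = no channel binding, optional authzid, then client-first-bare.
        self.gs2 = "n," + (f"a={self.authzid}" if self.authzid else "") + ","
        self.bare = f"n={self.authid},r={self.nonce}"
        return self.gs2 + self.bare

    def client_final(self, server_first: str) -> str:
        f = parse(server_first)
        if not f["r"].startswith(self.nonce):
            raise ValueError("server nonce does not extend the client nonce")
        salt, iterations = base64.b64decode(f["s"]), int(f["i"])
        # Only now are salt and iteration count known; with a precomputed salted
        # password the cleartext password is never needed on the client side.
        salted = self.salted or hi(self.password, salt, iterations)
        client_key, stored_key, server_key = derive_keys(salted)
        without_proof = f"c={b64(self.gs2.encode())},r={f['r']}"
        auth_msg = ",".join([self.bare, server_first, without_proof]).encode()
        client_sig = hmac.new(stored_key, auth_msg, SHA1).digest()
        self.expected_server_sig = hmac.new(server_key, auth_msg, SHA1).digest()
        return without_proof + ",p=" + b64(xor(client_key, client_sig))

    def verify_server_final(self, server_final: str) -> bool:
        got = base64.b64decode(parse(server_final)["v"])
        return hmac.compare_digest(got, self.expected_server_sig)


class ScramServer:
    """Server: password lookup by authid, plus the salt and iteration count it advertises."""

    def __init__(self, password_lookup, salt: bytes, iterations: int, nonce_suffix=None):
        self.password_lookup, self.salt, self.iterations = password_lookup, salt, iterations
        self.nonce_suffix = nonce_suffix or b64(os.urandom(18))

    def server_first(self, client_first: str) -> str:
        flag, authzid, bare = client_first.split(",", 2)
        self.gs2, self.client_bare = f"{flag},{authzid},", bare
        self.authid = parse(bare)["n"]
        self.nonce = parse(bare)["r"] + self.nonce_suffix
        self.server_first_msg = f"r={self.nonce},s={b64(self.salt)},i={self.iterations}"
        return self.server_first_msg

    def server_final(self, client_final: str) -> str:
        f = parse(client_final)
        if f["r"] != self.nonce or base64.b64decode(f["c"]).decode() != self.gs2:
            raise ValueError("nonce or GS2 header mismatch")
        password = self.password_lookup(self.authid)  # the GSASL_PASSWORD callback role
        if password is None:
            raise ValueError("unknown user")
        client_key, stored_key, server_key = derive_keys(hi(password, self.salt, self.iterations))
        without_proof = client_final.rsplit(",p=", 1)[0]
        auth_msg = ",".join([self.client_bare, self.server_first_msg, without_proof]).encode()
        client_sig = hmac.new(stored_key, auth_msg, SHA1).digest()
        # Recover ClientKey from the proof; H(ClientKey) must equal StoredKey.
        recovered = xor(base64.b64decode(f["p"]), client_sig)
        if not hmac.compare_digest(SHA1(recovered).digest(), stored_key):
            raise ValueError("authentication failed")
        return "v=" + b64(hmac.new(server_key, auth_msg, SHA1).digest())


# Constructed fixed values taken from the RFC 5802 section 5 example exchange.
RFC5802_VECTOR = dict(client_nonce="fyko+d2lbbFgONRv9qkxdawL", server_nonce="3rfcNHYJY1ZVvWVs7j",
                      salt=base64.b64decode("QSXCR+Q6sek8bf92"))


def run_exchange(client_password, server_password, client_nonce=None, server_nonce=None, salt=None):
    """Drive one full exchange; returns (transcript, authenticated)."""
    client = ScramClient("user", password=client_password, nonce=client_nonce)
    server = ScramServer(lambda authid: server_password if authid == "user" else None,
                         salt or os.urandom(16), 4096, nonce_suffix=server_nonce)
    transcript = [client.client_first()]
    transcript.append(server.server_first(transcript[-1]))
    transcript.append(client.client_final(transcript[-1]))
    try:
        transcript.append(server.server_final(transcript[-1]))
    except ValueError:
        return transcript, False
    return transcript, client.verify_server_final(transcript[-1])


if __name__ == "__main__":
    for line in run_exchange("pencil", "pencil", **RFC5802_VECTOR)[0]:
        print(line)
```

With the RFC vector the four messages printed match the RFC 5802 example exactly, which is the easiest way to check an implementation of either side. The server only ever needs `StoredKey` and `ServerKey` for a user, so a deployment that stores those with the salt and iteration count, rather than the cleartext password the lookup returns here, limits what a server compromise exposes.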
Currently channel bindings are not supported, so there is no support for SCRAM-SHA-1-PLUS.