To do a comparative analysis of the functions, it makes sense to know one side very well. I found it easier to understand factotum and compare the others to factotum. To me, SASL is more like the functions of factotum's rpc and proto files. Windows' Local Security Authority (LSA), combined with the Security Support Provider Interface (SSPI) and the corresponding protocol DLLs, is more comparable to factotum's credentials caching, rpc/proto/needkey, etc. fs interface and how it negotiates change of identity of a verified process using cap(3). On Linux, for a server, SASL+setuid program+PAM is sort of like factotum, and SASL+app is sort of like factotum for a client.