degesch: document the SASL EXTERNAL support

So far it's only been mentioned in the NEWS file, which is definitely not sufficient. It would be good to move this kind of stuff out from README.adoc.
author: Přemysl Eric Janouch <p@janouch.name> 2021-05-29 06:38:33 +0200
committer: Přemysl Eric Janouch <p@janouch.name> 2021-05-29 06:38:33 +0200
commit: c75ef167f21c398856706468ca3917f9b64cef32 (patch)
tree: 2b7a643f38d7e1d06f7838748a631406b9281745 /README.adoc
parent: ddffc71abe49a6d9f87b005e0814cb71a2ae8d54 (diff)
download: xK-c75ef167f21c398856706468ca3917f9b64cef32.tar.gz
xK-c75ef167f21c398856706468ca3917f9b64cef32.tar.xz
xK-c75ef167f21c398856706468ca3917f9b64cef32.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/README.adoc b/README.adoc
index 550fda9..f4200e5 100644
--- a/README.adoc
+++ b/README.adoc
@@ -125,6 +125,10 @@ as a `forking` type systemd user service.
 
 Client Certificates
 -------------------
+'degesch' will use the SASL EXTERNAL method to authenticate using the TLS
+client certificate specified by the respective server's `tls_cert` option
+if you add `sasl` to the `capabilities` option and the server supports this.
+
 'kike' uses SHA-1 fingerprints of TLS client certificates to authenticate users.
 To get the fingerprint from a certificate file in the required form, use:
author	Přemysl Eric Janouch <p@janouch.name>	2021-05-29 06:38:33 +0200
committer	Přemysl Eric Janouch <p@janouch.name>	2021-05-29 06:38:33 +0200
commit	c75ef167f21c398856706468ca3917f9b64cef32 (patch)
tree	2b7a643f38d7e1d06f7838748a631406b9281745 /README.adoc
parent	ddffc71abe49a6d9f87b005e0814cb71a2ae8d54 (diff)
download	xK-c75ef167f21c398856706468ca3917f9b64cef32.tar.gz xK-c75ef167f21c398856706468ca3917f9b64cef32.tar.xz xK-c75ef167f21c398856706468ca3917f9b64cef32.zip