degesch: document the SASL EXTERNAL support

So far it's only been mentioned in the NEWS file, which is definitely not sufficient. It would be good to move this kind of stuff out from README.adoc.
2021-05-29 06:38:33 +02:00 · 2021-05-29 06:38:33 +02:00 · c75ef167f2
parent ddffc71abe
commit c75ef167f2
1 changed files with 4 additions and 0 deletions
--- a/README.adoc
+++ b/README.adoc
@ -125,6 +125,10 @@ as a `forking` type systemd user service.

 Client Certificates
 -------------------
+'degesch' will use the SASL EXTERNAL method to authenticate using the TLS
+client certificate specified by the respective server's `tls_cert` option
+if you add `sasl` to the `capabilities` option and the server supports this.
+
 'kike' uses SHA-1 fingerprints of TLS client certificates to authenticate users.
 To get the fingerprint from a certificate file in the required form, use: