From c75ef167f21c398856706468ca3917f9b64cef32 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C5=99emysl=20Eric=20Janouch?= <p@janouch.name>
Date: Sat, 29 May 2021 06:38:33 +0200
Subject: [PATCH] degesch: document the SASL EXTERNAL support

So far it's only been mentioned in the NEWS file,
which is definitely not sufficient.

It would be good to move this kind of stuff out from README.adoc.
---
 README.adoc | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/README.adoc b/README.adoc
index 550fda9..f4200e5 100644
--- a/README.adoc
+++ b/README.adoc
@@ -125,6 +125,10 @@ as a `forking` type systemd user service.
 
 Client Certificates
 -------------------
+'degesch' will use the SASL EXTERNAL method to authenticate using the TLS
+client certificate specified by the respective server's `tls_cert` option
+if you add `sasl` to the `capabilities` option and the server supports this.
+
 'kike' uses SHA-1 fingerprints of TLS client certificates to authenticate users.
 To get the fingerprint from a certificate file in the required form, use: