SASL EXTERNAL is a SASL Mechanism allows a client to request the server to use credentials established by means external to the mechanism to authenticate the client.

SASL EXTERNAL means may be, for instance, IP Security RFC 4301 or TLS services. In absence of some a prior agreement between the client and the server, the client cannot make any assumption as to what SASL EXTERNAL means the server has used to obtain the client's credentials, nor make an assumption as to the form of credentials. For example, the client cannot assume that the server will use the credentials the client has established via TLS.

More Information#

There might be more information for this subject on one of the following: