> On 27 Apr 2022, at 12:27 pm, Michael Ströder <mich...@stroeder.com> wrote:
>
>> one way to authenticate may be using Kerberos.
>
> Not recommended for roaming users accessing submission service via public
> Internet.
Suitability depends on the user base, ... my personal mail server
indeed supports SASL GSSAPI submission. There are no users with
weak passwords.
Note also that in principle GSSAPI can support all sorts of novel
authentication mechanisms, so long as client and server agree on
a suitable mechanism OID. The layering of SASL over GSSAPI is
somewhat redundant, ... but I digress.
--
Viktor.
