Book: How to Configure Server Security
Revision: 3054cc5
Section: A.2.1. Support Level for SASL Authentication Mechanisms

This issue follows up on original JBEAP-7694.

Information how and when to use SASL mechanisms. Hopefully DEV team can provide these information. The form could be for instance a set of examples - e.g. (this are just few pieces based on testing):

• when you want to authenticate with Kerberos, use one of GSSAPI, GS2-KRB5, GS2-KRB5-PLUS
• for SSL/TLS client certificate authentication use EXTERNAL mechanism
• when you need a password credentials propagation to be working on server, use PLAIN mechanism
• for authentication without credentials use ANONYMOUS mechanism
• when mechanism has its channel binding variant (-PLUS), use it always when the underlying connection is a SSL/TLS one