SASL is a protocol that allows you to mix several different schemes. You could (if the server supports it) use GSSAPI (e.g., authenticate using Kerberos or Active Directory, i.e., the backend for enterprises). You could instead use, say, EAP. Or you could use OAuth 2. Or you could use SSL certificates. Or you could forgo any of that and just use CRAM-MD5 or SCRAM-SHA-1 or SCRAM-SHA-256 for regular password authentication. Or, if you're really lazy, you could just use a plaintext user/password combination.