Score:0

Where does Sendmail get authentication from?


For reasons I can't get into at the moment, I'm authenticating to an SMB domain (using Samba 4.9.5 on a Debian host as the DC, if it matters) with a Mint Linux server in the domain with Samba 4.11.6 using Sendmail 8.15.2. I have Thunderbird on a third, Windows machine. The mail server also has Dovecot 2.3.7.2 installed. From Thunderbird, I can view, open and manipulate mailboxes with domain credentials. However, I cannot send mail: the same credentials that work to open the mailbox via Dovecot fail password validation when trying to send to port 587 on Sendmail. I do have a local account for the domain user; I'm told Dovecot needs that in order to keep its data. It seems to me that I somehow have to tell Sendmail to use the domain credentials rather than the local ones, but while I can see how to tell it how to accept credentials, I don't see how to tell it how to authenticate them. Am I missing something?

Score:0

So I found an answer, but I've hit a wall. I'll post what I know, for the sake of future visitors, and may expand on this later if it turns out that there is information that I've missed.

The specific answer is, SMTP AUTH authenticates users by querying sasl. A standard install of Debian Linux may include parts of sasl but not all of it; it appears that you have to retrieve and install sasl-bin as well, in order to get saslauthd, and then edit its config file in order to enable and start the daemon. Of course pretty much all of the documentation an internet search returns is about sasl and what's available is sasl2, but recent versions of sendmail, despite things I've seen that say otherwise, do support sasl2.

I still am not getting authentication - it's not accepting my passwords - but it looks like I'm closer.

Doug McLean:
Did you ever get this resolved? Could you share links to the docs that helped you please? I'm having a similar problem.
tsc_chazz:
I did, and it makes me feel a bit stupid... I had forgotten that by default passwords expire. Once I reset the passwords for my test users, all was fine. I'll note that it is also important to keep `samba` up to date if you're using that for authentication.
tsc_chazz:
Oh, another thing: you have to let Sendmail accept that the SASL DB is group accessible. In the Sendmail MC file, that's ``define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLDBFile')dnl``
Doug McLean:
Great, thanks! In my case I was just a bit new to sasl and not getting the config quite right. That last nugget was a big help, thanks again.
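
As an added example (not from the posts above, and not Sendmail's or Debian's own tooling), this script checks the pieces the answer and comments name: saslauthd being enabled, Sendmail being built with SASLv2, and the `GroupReadableSASLDBFile` setting. The `START` and `MECHANISMS` keys of `/etc/default/saslauthd`, the file paths and the sample contents are assumptions for a Debian-style install.

```shell
#!/bin/sh
# Added example: checks the saslauthd/Sendmail pieces discussed in this thread.
# File locations and sample contents are assumptions for a Debian-style install.

# Succeed if the saslauthd defaults file ($1) has an active START=yes line.
saslauthd_enabled() {
    grep -Eq '^[[:space:]]*START="?yes"?[[:space:]]*$' "$1"
}

# Print the MECHANISMS value from the defaults file ($1); last assignment wins.
saslauthd_mechs() {
    sed -n 's/^[[:space:]]*MECHANISMS="\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# Succeed if the text in $1 (output of `sendmail -d0.1 -bv root`) lists SASLv2.
sendmail_has_sasl2() {
    printf '%s\n' "$1" | grep -Eq '(^|[[:space:]])SASLv2([[:space:]]|$)'
}

# Succeed if the .mc file ($1) sets GroupReadableSASLDBFile on a line
# that is not commented out with a leading dnl.
mc_allows_group_sasldb() {
    grep -v '^[[:space:]]*dnl' "$1" |
        grep -q "confDONT_BLAME_SENDMAIL'.*GroupReadableSASLDBFile"
}

# audit DEFAULTS_FILE MC_FILE BUILD_TEXT: report each missing piece, return 1 if any.
audit() {
    rc=0
    saslauthd_enabled "$1" || { echo "saslauthd: START is not yes in $1"; rc=1; }
    [ -n "$(saslauthd_mechs "$1")" ] || { echo "saslauthd: MECHANISMS empty in $1"; rc=1; }
    sendmail_has_sasl2 "$3" || { echo "sendmail: not built with SASLv2"; rc=1; }
    mc_allows_group_sasldb "$2" || { echo "mc: GroupReadableSASLDBFile not set in $2"; rc=1; }
    return "$rc"
}

# Constructed sample inputs; on a real host pass /etc/default/saslauthd,
# /etc/mail/sendmail.mc and "$(sendmail -d0.1 -bv root 2>&1)" instead.
tmp=$(mktemp -d)
printf 'START=no\nMECHANISMS="pam"\n' > "$tmp/saslauthd"
cat > "$tmp/sendmail.mc" <<'EOF'
define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLDBFile')dnl
EOF
audit "$tmp/saslauthd" "$tmp/sendmail.mc" ' Compiled with: LOG MILTER SASLv2 STARTTLS' ||
    echo "audit: SMTP AUTH chain incomplete"
rm -rf "$tmp"
```

The constructed sample has `START=no`, so the run reports that saslauthd is not enabled; the other three checks pass.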