[not sure what you mean by "AUTH based on source IP"; AUTH uses a SASL mechanism based on a shared secret]
probably AUTH EXTERNAL. (and no, AUTH doesn't have to use shared secrets.)