Postfix smtp-auth and sasldb
Funnily enough, you can find lots of documents describing tricky setups involving smtp-auth with authentication done against PAM, LDAP or database backends, but there are almost none for a very simple setup using sasldb. Like in my case, you might have a server with few users and you just want to use a single user/password combo rather than let them use their own credentials (which might also be used elsewhere), or overcomplicate things with a database backend storing just a few rows.
This howto is built around the software available in Ubuntu Feisty.
Required packages:
libgnutls11 1.0.16-13.2sar GNU TLS library - runtime library
libsasl2 2.1.19.dfsg1-0 Authentication abstraction library
libsasl2-modul 2.1.19.dfsg1-0 Pluggable Authentication Modules for SASL
postfix-tls 2.1.5-9 TLS and SASL support for Postfix
sasl2-bin 2.1.19.dfsg1-0 Programs for manipulating the SASL users dat
That will allow you to set up TLS encryption and authentication with LOGIN, PLAIN, ANONYMOUS, OTP, CRAM-MD5, and DIGEST-MD5 (with DES support).
One piece of reading you don't want to skip is Postfix's SASL documentation.
The first thing to take care of is main.cf:
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous,noplaintext
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_use_tls = yes
smtpd_tls_key_file = /etc/postfix/ssl/tls.key
smtpd_tls_cert_file = /etc/postfix/ssl/tls.crt
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
There are a few things suggested elsewhere that you want to keep in mind and maybe diverge from (I did). First of all, if you specify smtpd_tls_auth_only = yes, AUTH won't be offered as a capability when querying the server, and you probably don't want that option in the first place. Second, if you set smtpd_tls_loglevel to anything greater than 1 you'll end up with lots of stuff in your logs, making parsing/analysis harder. For creating the SSL certificate you can have a look here.
Don't forget to also grant relay permissions to authenticated users. Add to main.cf:
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated, ...
With regard to SASL, you start by creating /etc/postfix/sasl/smtpd.conf. The path depends on the distribution, and the filename is constructed from smtpd_sasl_application_name (default: smtpd) with '.conf' appended. To use sasldb as a backend it must contain the following:
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
Personally I disable the PLAIN and LOGIN methods, leaving the more secure -MD5 ones as the only ones available.
You then need to create a file, /etc/sasldb2, containing the login credentials, which you want to make sure is readable by Postfix (installing SASL creates a group called sasl, so you want to add the postfix user to that group). The file is created by saslpasswd2 if you don't specify an alternative one on the command line. To populate that file, effectively creating the user/password you'll use for smtp-auth, run saslpasswd2 -c -u $myhostname exampleuser. $myhostname must match whatever is defined as myhostname in main.cf, or it won't work.
Very important and quite often forgotten: Debian-based distros run Postfix in a chroot by default, which means you'll have to copy the sasldb2 file there as well or it won't work. The correct path is /var/spool/postfix/etc/sasldb2.
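Before reloading Postfix it is worth checking the server-side settings above against the pitfalls this howto names. The following POSIX shell lint is an added example, not part of the original howto: the function names, the warning texts and the file-path arguments are my own, and it reads whatever main.cf and smtpd.conf you point it at.

```shell
# Added example, not from the original howto: lint a Postfix main.cf and its
# SASL smtpd.conf for the pitfalls described above (paths are arguments).

# cf_get FILE KEY: print KEY's value from a "key = value" (main.cf) or
# "key: value" (smtpd.conf) file, joining indented continuation lines.
cf_get() {
    awk -v key="$2" '
        /^#/ || /^$/ { next }
        /^[[:space:]]/ { if (cur == key) val = val " " $0; next }
        { cur = $0; sub(/[[:space:]]*[=:].*/, "", cur)
          v = $0; sub(/^[^=:]*[=:][[:space:]]*/, "", v)
          if (cur == key) val = v }
        END { gsub(/[[:space:]]+/, " ", val); sub(/^ /, "", val); sub(/ $/, "", val); print val }' "$1"
}

# lint_sasl_config MAIN_CF SMTPD_CONF: print one "warn:" line per problem and
# return the number of problems found (0 means clean).
lint_sasl_config() {
    n=0
    [ "$(cf_get "$1" smtpd_sasl_auth_enable)" = yes ] ||
        { echo "warn: smtpd_sasl_auth_enable is not yes, AUTH is disabled"; n=$((n + 1)); }
    # With auth_only, clients that have not done STARTTLS are not offered AUTH at all.
    [ "$(cf_get "$1" smtpd_tls_auth_only)" != yes ] ||
        { echo "warn: smtpd_tls_auth_only = yes hides AUTH before STARTTLS"; n=$((n + 1)); }
    lvl=$(cf_get "$1" smtpd_tls_loglevel)
    [ "${lvl:-0}" -le 1 ] ||
        { echo "warn: smtpd_tls_loglevel = $lvl floods the mail log, use 1"; n=$((n + 1)); }
    # Without this, authenticated users are still refused relaying.
    case " $(cf_get "$1" smtpd_recipient_restrictions) " in
        *permit_sasl_authenticated*) ;;
        *) echo "warn: permit_sasl_authenticated missing from smtpd_recipient_restrictions"; n=$((n + 1)) ;;
    esac
    # Plaintext mechanisms offered while noplaintext is unset: passwords cross the wire in clear.
    mechs=$(cf_get "$2" mech_list)
    opts=$(cf_get "$1" smtpd_sasl_security_options | tr ' ' ',')
    case " $mechs " in *" PLAIN "*|*" LOGIN "*)
        case ",$opts," in *,noplaintext,*) ;;
            *) echo "warn: mech_list offers PLAIN/LOGIN but noplaintext is not set"; n=$((n + 1)) ;;
        esac ;;
    esac
    [ "$(cf_get "$2" pwcheck_method)" = auxprop ] && [ "$(cf_get "$2" auxprop_plugin)" = sasldb ] ||
        { echo "warn: smtpd.conf does not select the sasldb auxprop backend"; n=$((n + 1)); }
    return $n
}

# check_chroot_copy SASLDB CHROOT_SASLDB: the copy in the chroot must exist and match the master.
check_chroot_copy() {
    cmp -s "$1" "$2"
}
```

On the live system the calls are `lint_sasl_config /etc/postfix/main.cf /etc/postfix/sasl/smtpd.conf` and `check_chroot_copy /etc/sasldb2 /var/spool/postfix/etc/sasldb2`, the latter returning non-zero when the chroot copy is missing or stale.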
Enabling SASL authentication in the Postfix SMTP client
If, like me, you use Mutt or run a local Postfix instance, you probably want to enable smtp-auth in that Postfix rather than in the mail client. All you need is:
/etc/postfix/main.cf:
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
relayhost = [$ip_of_your_server]
/etc/postfix/sasl_passwd:
[$ip_of_your_server] username:password
After setting that up you want to run postmap on /etc/postfix/sasl_passwd, as for any other Postfix hash map, and then reload Postfix (you don't need to restart it).