Yes, I do now understand what you want.
You don't use the "my server requires authentication" when using Port 25, that port should never have authentication on it. If you forced authentication on that port then any mail server that sends mail to you would have to authenticate.
If you want your users to authenticate then port 587 is the correct Submissions port to use and the change in master.cf would achieve that, the 'but' in this scenario is that your users would have to change their client behaviour to use that port.
OK, let's take a step backwards and ask why you want the outgoing mail to be authenticated? Remember that your user has already authenticated against your server by logging into it and providing a valid ligin id/password, why do you want them to do it again?