Comment 75 for bug 24220

You can even argue if CRAM-MD5 is *really* secure. Besides of that, the label for the current behaviour really should be "use secure authentication mechanisms".
Besides of that I like what Nelson writes on disabling the use of plain text passwords. That would additionally need some code changes (which shouldn't be hard) and should get filed as a new bug.

On your initial problem, Boris, I currently don't see why it doesn't work for you with "use secure authentication". The server advertises GSSAPI which falls into the secure category. What's the specific error description you get?