You can even argue if CRAM-MD5 is *really* secure. Besides of that, the label for the current behaviour really should be "use secure authentication mechanisms".
Besides of that I like what Nelson writes on disabling the use of plain text passwords. That would additionally need some code changes (which shouldn't be hard) and should get filed as a new bug.
On your initial problem, Boris, I currently don't see why it doesn't work for you with "use secure authentication". The server advertises GSSAPI which falls into the secure category. What's the specific error description you get?
You can even argue if CRAM-MD5 is *really* secure. Besides of that, the label for the current behaviour really should be "use secure authentication mechanisms".
Besides of that I like what Nelson writes on disabling the use of plain text passwords. That would additionally need some code changes (which shouldn't be hard) and should get filed as a new bug.
On your initial problem, Boris, I currently don't see why it doesn't work for you with "use secure authentication". The server advertises GSSAPI which falls into the secure category. What's the specific error description you get?