It's funny that an entire family of convoluted challenge-response authentication algorithms became obsolete overnight after mandatory TLS. Now it's just "auth plain".
Timeline
Post
Remote status
Replies
2
@niconiconi and tbh its bad that we just use plaintext in tls everywhere.
@niconiconi well why bother when the link is already secured? though the greybeards wanted you to be doing this over a SASL handler (later factotum)