Right now we cycle through a number of authentication mechanisms, and if authentication fails the user gets a very unhelpful exception.

This should be simplified to negotiate and carry out a single authentication mechanism type and report as much information about the failure as possible to the user (bearing in mind that the server may not report a specific reason for an authentication failure for security reasons).

Errors that might be relayed:

• Authentication failed
• Mechanism failed

The SaslException should probably just come directly back to the user.