The LOGIN mechanism is a non-standard mechanism, and is similar to the PLAIN mechanism except that LOGIN lacks the support for authorization identities. Always use PLAIN instead of LOGIN in new applications.
The callback behaviour is the same as for PLAIN, except that
GSASL_AUTHZID is neither used nor required, and that the server
does not normalize the password using SASLprep.
See Use of SASLprep in LOGIN, for a proposed clarification of the interpretation of a hypothetical LOGIN specification.