changeset 9408:0c7bbdd7b81f HEAD

*-login: Log more precise reasons for some auth failures.
author Timo Sirainen <tss@iki.fi>
date Mon, 05 Oct 2009 14:13:17 -0400
parents a3e16df805e3
children a0fa514d92f0
files src/login-common/client-common.c src/login-common/client-common.h src/login-common/sasl-server.c
diffstat 3 files changed, 11 insertions(+), 0 deletions(-) [+]
--- a/src/login-common/client-common.c	Mon Oct 05 11:59:43 2009 -0400
+++ b/src/login-common/client-common.c	Mon Oct 05 14:13:17 2009 -0400
@@ -205,6 +205,12 @@
 		return "(tried to use disabled plaintext auth)";
 	if (ssl_require_client_cert)
 		return "(cert required, client didn't start TLS)";
+	if (client->auth_tried_unsupported_mech)
+		return "(tried to use unsupported auth mechanism)";
+	if (client->auth_request != NULL && client->auth_attempts == 1)
+		return "(disconnected while authenticating)";
+	if (client->auth_try_aborted && client->auth_attempts == 1)
+		return "(aborted authentication)";
 
 	return t_strdup_printf("(auth failed, %u attempts)",
 			       client->auth_attempts);
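Review bot: The new `auth_tried_unsupported_mech` check is not limited by `auth_attempts`, unlike the two checks added right after it, so it decides the logged reason whenever the bit was ever set during the session. Nothing in this diff clears the bit, so a client that names one unsupported mechanism and then fails several real attempts would presumably be logged as "(tried to use unsupported auth mechanism)", and the attempt count that failed-login monitoring depends on would be dropped from the log line. Consider `if (client->auth_tried_unsupported_mech && client->auth_attempts == 1)`, or keep the reason and append the attempt count to it. The enclosing function starts outside this hunk, so whether `auth_attempts` is incremented on the unsupported-mechanism path needs to be confirmed before picking the condition.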
--- a/src/login-common/client-common.h	Mon Oct 05 11:59:43 2009 -0400
+++ b/src/login-common/client-common.h	Mon Oct 05 14:13:17 2009 -0400
@@ -41,6 +41,8 @@
 	unsigned int trusted:1;
 	unsigned int authenticating:1;
 	unsigned int auth_tried_disabled_plaintext:1;
+	unsigned int auth_tried_unsupported_mech:1;
+	unsigned int auth_try_aborted:1;
 	/* ... */
 };
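Review bot: The two added bitfields carry no comment saying who sets them or that they are read only to choose the disconnect log reason. Above them I would add `/* set by sasl-server.c; used only to pick the disconnect log reason, and not reset when a later auth attempt starts */`, with the "not reset" part verified against the rest of the file, since this diff shows only the assignments to TRUE. The struct definition begins outside this hunk.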
 
--- a/src/login-common/sasl-server.c	Mon Oct 05 11:59:43 2009 -0400
+++ b/src/login-common/sasl-server.c	Mon Oct 05 14:13:17 2009 -0400
@@ -144,6 +144,7 @@
 
 	mech = auth_client_find_mech(auth_client, mech_name);
 	if (mech == NULL) {
+		client->auth_tried_unsupported_mech = TRUE;
 		sasl_server_auth_failed(client,
 			"Unsupported authentication mechanism.");
 		return;
@@ -151,6 +152,7 @@
 
 	if (!client->secured && disable_plaintext_auth &&
 	    (mech->flags & MECH_SEC_PLAINTEXT) != 0) {
+		client->auth_tried_disabled_plaintext = TRUE;
 		sasl_server_auth_failed(client,
 			"Plaintext authentication disabled.");
 		return;
@@ -206,5 +208,6 @@
 
 void sasl_server_auth_abort(struct client *client)
 {
+	client->auth_try_aborted = TRUE;
 	sasl_server_auth_cancel(client, NULL, SASL_SERVER_REPLY_AUTH_ABORTED);
 }