I guessed something like that, and I was going to look for a means to detect what mechs support it, because the idassert code currently assumes that when configured to use SASL method authz will be done natively by SASL.
I suggest you just hardcode it for DIGEST-MD5 (and skip if not available). Maybe support PLAIN as well (but you'll have to configure both client & server to allow it without TLS.
--Quanah
-- Quanah Gibson-Mount Principal Software Developer ITSS/Shared Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html