Let me guess: They don't know about LOGINDISABLED, which is used to tell a client that login is currently disabled for it, typically because it's neither using TLS nor connecting from the local host.

https://datatracker.ietf.org/doc/rfc9051/ and search for LOGINDISABLED.