about saslprep
would a server not reject a password on a new account, if saslprep was not used?
or does the server apply sasl prep, and then generate the hashes it stores for future use?