According to RFC2554:
"If the client wishes to cancel an authentication exchange, it issues a line with a single "*". If the server receives such an answer, it MUST reject the AUTH command by sending a 501 reply."
Like this (from a Postfix session):
501 5.7.0 Authentication aborted