--- a/src/auth/auth-plain.c	Mon Jan 20 13:49:29 2003 +0200
+++ b/src/auth/auth-plain.c	Mon Jan 20 15:53:31 2003 +0200
@@ -13,7 +13,7 @@
 {
 	struct auth_cookie_reply_data *cookie_reply = cookie->context;
 	struct auth_reply_data reply;
-	const char *user;
+	const char *authid, *authenid;
 	char *pass;
 	size_t i, count, len;
 
@@ -23,27 +23,29 @@
 	reply.result = AUTH_RESULT_FAILURE;
 	memcpy(reply.cookie, cookie->cookie, AUTH_COOKIE_SIZE);
 
-	/* data should contain user\0...\0pass */
-	user = (const char *) data;
-	pass = NULL;
+	/* authorization ID \0 authentication ID \0 pass.
+	   we'll ignore authorization ID for now. */
+	authid = (const char *) data;
+	authenid = NULL; pass = NULL;
+
 	count = 0;
 	for (i = 0; i < request->data_size; i++) {
-		if (data[i] == '\0' && ++count == 2) {
-			i++;
-			if (i == request->data_size)
-				pass = "";
+		if (data[i] == '\0') {
+			if (++count == 1)
+				authenid = data + i+1;
 			else {
+				i++;
 				len = request->data_size - i;
 				pass = t_malloc(len+1);
-                                memcpy(pass, (const char *) data + i, len);
-                                pass[len] = '\0';
+				memcpy(pass, data + i, len);
+				pass[len] = '\0';
+				break;
 			}
-			break;
 		}
 	}
 
 	if (pass != NULL) {
-		if (userinfo->verify_plain(user, pass, cookie_reply)) {
+		if (userinfo->verify_plain(authenid, pass, cookie_reply)) {
 			cookie_reply->success = TRUE;
 			reply.result = AUTH_RESULT_SUCCESS;
 

--- a/src/login/client-authenticate.c	Mon Jan 20 13:49:29 2003 +0200
+++ b/src/login/client-authenticate.c	Mon Jan 20 15:53:31 2003 +0200
@@ -208,9 +208,8 @@
 		return TRUE;
 	}
 
-	/* code it into user\0user\0password */
+	/* authorization ID \0 authentication ID \0 pass */
 	buffer_set_used_size(client->plain_login, 0);
-	buffer_append(client->plain_login, user, strlen(user));
 	buffer_append_c(client->plain_login, '\0');
 	buffer_append(client->plain_login, user, strlen(user));
 	buffer_append_c(client->plain_login, '\0');