--- a/src/auth/auth-request.c	Fri Feb 24 14:26:21 2006 +0200
+++ b/src/auth/auth-request.c	Fri Feb 24 15:41:57 2006 +0200
@@ -547,6 +547,11 @@
 bool auth_request_set_username(struct auth_request *request,
 			       const char *username, const char **error_r)
 {
+	if (request->original_username == NULL) {
+		/* the username may change later, but we need to use this
+		   username when verifying at least DIGEST-MD5 password */
+		request->original_username = p_strdup(request->pool, username);
+	}
 	if (request->cert_username) {
 		/* cert_username overrides the username given by
 		   authentication mechanism. */
@@ -659,7 +664,7 @@
 	}
 
 	ret = password_verify(plain_password, crypted_password, scheme,
-			      request->user);
+			      request->original_username);
 	if (ret < 0) {
 		auth_request_log_error(request, subsystem,
 				       "Unknown password scheme %s", scheme);

--- a/src/auth/auth-request.h	Fri Feb 24 14:26:21 2006 +0200
+++ b/src/auth/auth-request.h	Fri Feb 24 15:41:57 2006 +0200
@@ -28,6 +28,10 @@
            has validated user as a valid master user, master_user is set to
            user and user is set to requested_login_user. */
         char *user, *requested_login_user, *master_user;
+	/* original_username contains the username exactly as given by the
+	   client. this is needed at least with DIGEST-MD5 for password
+	   verification */
+	const char *original_username;
 	char *mech_password; /* set if verify_plain() is called */
 	char *passdb_password; /* set after password lookup if successful */
         /* extra_fields are returned in authentication reply. Fields prefixed