Sorry, this is slightly off topic. We use a (homegrown) checkpassword programm (with MySQL support) that also does APOP authentification for POP3. I'd like to add SMTP AUTH (based on Eric M. Johnston qmail-smtpd AUTH patch 20010105). >From what I've read from the RFCs (I'm not so good with crypto things :( I am rather sure ;-) that APOP and CRAM-MD5 are not compatible. However I'd like to - if possible - maintain one codebase for our checkpassword programm and not have two different versions. Is there a chance to tell from the digest whether it's a APOP (i.e. plain MD5) or a CRAM-MD5 digest? (Otherwise I'd probably try to make a really ugly hack and look at argv[1] to decide whether it's called in a POP3 sequence or a smtpd one). Thanks, \Maex -- SpaceNet AG | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0 Research & Development | D-80807 Muenchen | Fax: +49 (89) 32356-299 Stress is when you wake up screaming and you realize you haven't fallen asleep yet.