However, I don't actually have access to the user passwords, so I can't do the usual "compare hashed passwords" deal, and having the user send an unhashed password in the clear (so I can try binding to LDAP as them) is unacceptable.
This implies either:
- some other public-key encryption scheme
- some aspect of LDAP authentication I'm not familiar with
I guess the real question is whether I can persuade Evan to add support for this :) It's okay if not every client in existence can connect to a secure-login-only LiveJournal server, we just need one good Win32 client and one good Unix client, and right now LoserJabber and Evan's upcoming Win32 client look like the most promising candidates.
I dunno. Any thoughts?