Does [authmeth] standardize an authentication method which does not disclose the user's password to the server? If not, is there a suitable method like that we could add? For situations with untrusted servers, or where there is a danger that users will be conned into contacting hostile servers. -- Hallvard