--- auth.php.orig 2004-04-16 14:51:02.000000000 +0000
+++ auth.php 2004-12-20 21:59:41.117606115 +0000
@@ -90,13 +90,24 @@
 $digest_uri_value = $service . '/' . $host;
+ $myuser = explode("|", $username);
+ $authzid = false;
+
+ if (count($myuser) == 2) {
+ $_SESSION["authid"] = $username = $myuser[0];
+ $_GLOBALS["username"] = $_SESSION["username"] = $authzid = $myuser[1];
+ } else if ($_SESSION["authid"]) {
+ $authzid = $username;
+ $username = $_SESSION["authid"];
+ }
+
 // build the $response_value
 //FIXME This will probably break badly if a server sends more than one realm
 $string_a1 = utf8_encode($username).":";
 $string_a1 .= utf8_encode($result['realm']).":";
 $string_a1 .= utf8_encode($password);
 $string_a1 = hmac_md5($string_a1);
- $A1 = $string_a1 . ":" . $result['nonce'] . ":" . $cnonce;
+ $A1 = $string_a1 . ":" . $result['nonce'] . ":" . $cnonce . ($authzid ? ":" . $authzid : "");
 $A1 = bin2hex(hmac_md5($A1));
 $A2 = "AUTHENTICATE:$digest_uri_value";
 // If qop is auth-int or auth-conf, A2 gets a little extra
@@ -109,7 +120,7 @@
 $response_value = bin2hex(hmac_md5($A1.":".$string_response.":".$A2));
 $reply = 'charset=utf-8,username="' . $username . '",realm="' . $result["realm"] . '",';
- $reply .= 'nonce="' . $result['nonce'] . '",nc=' . $ncount . ',cnonce="' . $cnonce . '",';
+ $reply .= 'nonce="' . $result['nonce'] . '",nc=' . $ncount . ',cnonce="' . $cnonce . '",' . ($authzid ? 'authzid="' . $authzid . '",' : "");
 $reply .= "digest-uri=\"$digest_uri_value\",response=$response_value";
 $reply .= ',qop=' . $qop_value;
 $reply = base64_encode($reply);
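Review bot: `$_GLOBALS["username"]` in the added `count($myuser) == 2` branch is not a PHP superglobal; the superglobal is `$GLOBALS`, so this assignment only creates a local array and the global `$username` presumably keeps the combined `authid|authzid` login string. If the global was meant to carry the authorization identity, the line should read `$GLOBALS["username"] = $_SESSION["username"] = $authzid = $myuser[1];`. The same branch writes `$_SESSION["authid"]` and `$_SESSION["username"]` before the server has accepted the DIGEST-MD5 response, and whether a failed login clears them is not visible here, since the enclosing function starts and ends outside the hunk. The `else if ($_SESSION["authid"])` test also reads a key that may be unset; `!empty($_SESSION["authid"])` avoids the notice.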
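Review bot: `$authzid` is placed inside a quoted string in the changed `$reply .=` line of the second hunk without escaping, and it comes straight from the login name split on `|` in the first hunk. A `"` or `\` in that value ends the quoted string early and changes the directives the server parses, so the value should be rejected or escaped when the reply is built, for example `($authzid ? 'authzid="' . addcslashes($authzid, '"\\') . '",' : "")`. The reply declares `charset=utf-8` and the username is passed through `utf8_encode()` for A1, but `$authzid` is used raw both here and in the new `$A1` line, so a non-ASCII authorization identity would be hashed and sent in a different encoding than announced. The neighbouring `username="..."` context line has the same unescaped pattern.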