On Sun, 11 Apr 2004, Prash wrote:

> One last question tho.
> Is it ok for the external digest authenticator to return "ERR" or should it
> always return HA1. If I have to return HA1, then I guess I should make up
> some dummy HA1 if I want my auth to fail.

ERR is correct if the username does not exists or otherwise does not have
a H(A1) password hash.

Will clarify this detail in the documentation for the next release.