Digest auth does not allow usage of precomputed A1 hashes
Currently, the digest authentication library requires that it be provided with the plaintext password of a user before it can perform authentication. This is not necessary; the A1 hash (see [http://tools.ietf.org/html/rfc2617#section-3.2.2 RFC 2617 section 3.2.2]) can be computed once and then stored securely. Some way of specifying that the 'users' argument to lib.auth.digest_auth contains precomputed hashes would be very nice.
This behavior can be monkey-patched in by replacing httpauth._computeDigestResponse, but that's obviously not the best way to do it. :) If needed, I could prepare a patch for trunk.
Reported by email@example.com