--- ../vpopmail-5.3.27/vchkpw.c	Wed Aug  6 02:12:25 2003
+++ vchkpw.c	Fri Nov  7 08:59:42 2003
@@ -60,8 +60,8 @@
 #define AUTH_INC_SIZE 155
 char TheName[AUTH_SIZE];
 char TheUser[AUTH_SIZE];
-char ThePass[AUTH_SIZE];
-char TheResponse[AUTH_SIZE];
+char ThePass[AUTH_SIZE]; 	/* for C/R this is 'TheResponse' */
+char TheChallenge[AUTH_SIZE];
 char TheCrypted[AUTH_SIZE];
 char TheDomain[AUTH_SIZE];
 
@@ -90,7 +90,7 @@
 void vlog(int verror, char *TheUser, char *TheDomain, char *ThePass, char *TheName, char *IpAddr, char *LogLine);
 void vchkpw_exit(int err);
 void run_command(char *prog);
-int authcram(unsigned char *challenge, unsigned char *response, unsigned char *password);
+int authcram(unsigned char *response, unsigned char *challenge, unsigned char *password);
 int authapop(unsigned char *password, unsigned char *timestamp, unsigned char *clearpass);
 
 #define POP_CONN  0
@@ -327,7 +327,7 @@
     if ( l==i ) break;
   }
 
-  /* parse out the password */
+  /* parse out the password  (or response or C/R) */
   memset(ThePass,0,AUTH_SIZE);
   for(j=0,++l;l<AUTH_INC_SIZE;++j,++l){
     ThePass[j] = TheDomain[l];
@@ -335,11 +335,11 @@
     if ( l==i ) break;
   }
 
-  /* parse out the response */
-  memset(TheResponse,0,AUTH_SIZE);
+  /* parse out the challenge */
+  memset(TheChallenge,0,AUTH_SIZE);
   for(j=0,++l;l<AUTH_INC_SIZE;++j,++l){
-    TheResponse[j] = TheDomain[l];
-    if ( TheResponse[j] == 0 ) break;
+    TheChallenge[j] = TheDomain[l];
+    if ( TheChallenge[j] == 0 ) break;
     if ( l==i ) break;
   }
 
@@ -389,13 +389,13 @@
   /* Check CRAM-MD5 auth */
   if(ConnType == SMTP_CONN) {
 	  printf("vchkpw: smtp auth\n");
-    cramaccepted = authcram(ThePass,TheResponse,vpw->pw_clear_passwd);
+    cramaccepted = authcram(ThePass,TheChallenge,vpw->pw_clear_passwd);
     if(cramaccepted == 0) strcpy(AuthType, "CRAM-MD5");
   }
 
   /* Check APOP auth */
   if(ConnType == POP_CONN) {
-    apopaccepted = authapop(ThePass,TheResponse,vpw->pw_clear_passwd);
+    apopaccepted = authapop(ThePass,TheChallenge,vpw->pw_clear_passwd);
     if(apopaccepted == 0) strcpy(AuthType, "APOP");
   }
 #endif
@@ -639,7 +639,7 @@
 #endif
 }
 
-int authcram(unsigned char *challenge, unsigned char *response, unsigned char *password)
+int authcram(unsigned char *response, unsigned char *challenge, unsigned char *password)
 {
    unsigned char digest[16];
    unsigned char digascii[33];