diff -rU2 /root/roundcubemail-0.3.1/plugins/http_authentication/http_authentication.php roundcube/plugins/http_authentication/http_authentication.php
--- /root/roundcubemail-0.3.1/plugins/http_authentication/http_authentication.php	2009-04-19 18:44:29.000000000 +0100
+++ roundcube/plugins/http_authentication/http_authentication.php	2010-02-03 16:11:28.000000000 +0000
@@ -6,5 +6,5 @@
  * Make use of an existing HTTP authentication and perform login with the existing user credentials
  *
- * @version 1.0
+ * @version 1.0+ceu
  * @author Thomas Bruederli
  */
@@ -25,4 +25,5 @@
       $args['action'] = 'login';
 
+    $args['cookiecheck'] = false;
     return $args;
   }
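Review bot: `$args['cookiecheck'] = false;` sits after the blank line at the function's base indent, so it appears to run on every call of this hook, including requests that carry no HTTP credentials. The deeper-indented `$args['action'] = 'login';` above it suggests the credential handling lives in a conditional that starts outside the hunk. If so, enabling the plugin switches the cookie check off for ordinary form logins too. Moving the assignment into that conditional would limit the bypass to logins the web server has already authenticated, and a one-line comment should say why the check is skipped there.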
diff -rU2 /root/roundcubemail-0.3.1/program/include/rcmail.php roundcube/program/include/rcmail.php
--- /root/roundcubemail-0.3.1/program/include/rcmail.php	2009-09-25 08:25:41.000000000 +0100
+++ roundcube/program/include/rcmail.php	2010-01-29 18:07:26.000000000 +0000
@@ -406,5 +406,20 @@
     
     if ($_SESSION['imap_host'] && !$this->imap->conn) {
-      if (!($conn = $this->imap->connect($_SESSION['imap_host'], $_SESSION['username'], $this->decrypt($_SESSION['password']), $_SESSION['imap_port'], $_SESSION['imap_ssl']))) {
+      // Try to grab a full set of authentication tokens from registered
+      // plugins since the password might reside there and not in the session
+      // vars.
+      $auth_tokens = $this->plugins->exec_hook('authenticate', array(
+        'host' => $_SESSION['imap_host'],
+        'user' => $_SESSION['username'],
+        'cookiecheck' => true,
+      ));
+      if (empty($auth_tokens['pass'])) {
+        $auth_tokens['pass'] = $this->decrypt($_SESSION['password']);
+        $_SESSION['save_password'] = false;
+      }
+      else {
+        $_SESSION['save_password'] = true;
+      }
+      if (!($conn = $this->imap->connect($_SESSION['imap_host'], $auth_tokens['user'], $auth_tokens['pass'], $_SESSION['imap_port'], $_SESSION['imap_ssl']))) {
         if ($this->output)
           $this->output->show_message($this->imap->error_code == -1 ? 'imaperror' : 'sessionerror', 'error');
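Review bot: The rewritten `connect()` call uses `$auth_tokens['user']` exactly as the hook returns it, with no check that it still equals the `$_SESSION['username']` that was passed in. If a plugin returns a different user (for instance, the HTTP-authenticated identity changed while the session cookie stayed the same), the IMAP connection is opened for one account while the rest of the session state belongs to another. A guard before connecting, such as `if ($auth_tokens['user'] !== $_SESSION['username'])`, that treats a mismatch as a session error would keep the two bound. The enclosing function starts and ends outside the hunk, so whether the identity is re-validated elsewhere is not visible here.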
@@ -532,5 +547,15 @@
       $_SESSION['imap_port'] = $imap_port;
       $_SESSION['imap_ssl']  = $imap_ssl;
-      $_SESSION['password']  = $this->encrypt($pass);
+
+      // Don't save the password if it was provided by a plugin that provides
+      // authentication capabilities.
+      if (!empty($_SESSION['save_password'])) {
+        $_SESSION['password']  = $this->encrypt($pass);
+      }
+      else {
+        $_SESSION['password']  = 'handled_by_plugin';
+      }
+      unset($_SESSION['save_password']);
+
       $_SESSION['login_time'] = mktime();
       
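Review bot: The test `if (!empty($_SESSION['save_password']))` does the opposite of the comment above it. The other rcmail.php hunk sets `save_password` to `true` exactly when a plugin supplied the password, so that is the case in which the password gets encrypted into the session. When the flag is absent, which looks like the normal case for a login that runs before any connection attempt, the session receives the literal `'handled_by_plugin'`. The fallback `$this->decrypt($_SESSION['password'])` in the other hunk would then be applied to that literal. Inverting the test to `if (empty($_SESSION['save_password']))` and renaming the flag to match would agree with the comment, and the fallback should reject the placeholder rather than decrypt it. The enclosing function lies outside the hunk, so the call order is inferred.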
