+ struct ctdluser usbuf;
+
+ /*
+ * Existing user who has claimed this OpenID?
+ *
+ * Note: if you think that sending the password back over the wire is insecure,
+ * check your assumptions. If someone has successfully asserted an OpenID that
+ * is associated with the account, they already have password equivalency and can
+ * login, so they could just as easily change the password, etc.
+ */
+ if (getuserbyopenid(&usbuf, oiddata->claimed_id) == 0) {
+ cprintf("authenticate\n%s\n%s\n", usbuf.fullname, usbuf.password);
+ }