Client provides the username and passwordhash (see open-ils.auth.authenticate.init). If their password hash is correct for the given username, a session id is returned, if not, "0" is returned
Generates a random seed and returns it. The client must then perform md5_hex( $seed . md5_hex($password) ) and use that as the passwordhash to open-ils.auth.authenticate.complete
Pass in a sessionid and this delete it from the cache
Pass in a sessionid and this returns the username associated with it
what I do