I think it would better to add an explicit "isencrypted" parameter to
the check_password_hook function, rather than require the module to do
isMD5 on the password. Any imaginable check hook will need to know if
the password is in MD5 format, and the backend already knows it (because
it already did that check), it seems good to let the hook function know.
Besides, if we introduce explicit syntax for saying that the supplied
password is plaintext or md5 one day, calling isMD5 in the module will
no longer be appropriate.
--
Heikki Linnakangas
EnterpriseDB http://www.enterprisedb.com