The attached diff -p file shows the changes I made diffed
against a CVS snapshot in order to make HTTP-based
authentication work seamlessly:
If the user clicks the 'Sign in' button but provides no
username, their HTTP_AUTH name and password are used
to sign them in.
If the user enters a username before pressing 'Sign in'
they are taken to the sign-in page, where they can log in