So the gauntlet was thrown in this question:
...and I thought I'd set the stage here for the battle. The question is:
When performing challenge-response authentication, is it *ever* necessary to store the clear-text password?
Cite your references--don't just assert without evidence to support
For God's sakes, keep it civil
Let the games begin!