I would give it a whirl if you haven't already. I think it will work fine. Rationale: the key piece of relevant code is in ad_check_password (packages/acs-tcl/tcl/security-procs.tcl):
if { [string compare $password [ns_sha1 "$password_from_form$salt"]] } {
return 0
}
The
ns_sha1 function is deterministic (its output is always the same for a given input), so if you preserve the salt and the output you should be all set.
