Daemon-mode authentication documentation

[Steve Schultze]

I have found reference a couple of places on the web describing the 
details of authentication when rsync'ing with the server in 
daemon/non-shell mode.  For example:

http://www.linuxjournal.com/article.php?sid=6508
"rsync's authentication mechanism, available only when run in dæmon 
mode, is based on a reasonably strong 128-bit MD5 challenge-response 
scheme. This is superior to standard FTP authentication for two 
reasons. First, passwords are not transmitted over the network and 
therefore are not subject to eavesdropping attacks."

This fact is important for people who wish to optimize their transfer 
speed and minimize processor load and are not synchronizing sensitive 
data (they only wish to protect their username/password).  I would 
guess that people frequently end up tunneling over ssh when their 
security requirements don't actually necessitate it.

There is no mention of the encrypted authentication scheme in the rsync 
man pages or on the site, as far as I can tell.  So, I have 2 requests:

1. Can someone confirm that this description of the auth mechanism is 
accurate?
2. Can someone update the documentation?

-- 
Steve Schultze
Technical Manager, The Public Radio Exchange
http://www.prx.org