Just realised that Shtoom will have the authentication mechanism already written (somewhere), since it acts as a client to normal (authenticating) servers. Should have just wandered over there and pulled out the authentication-generation code.

I've developed a bit of a blind spot there I guess, wanting to avoid learning a large package while on a tight timeline... sort of like avoiding the SIP learning curve as much as possible. Not my favourite kind of coding by a long shot.