diff --git a/src/authm_mad/remotes/server/server_auth.rb b/src/authm_mad/remotes/server/server_auth.rb
index 91cc5c4b61..0f699bef2d 100644
--- a/src/authm_mad/remotes/server/server_auth.rb
+++ b/src/authm_mad/remotes/server/server_auth.rb
@@ -79,14 +79,13 @@ class ServerAuth < X509Auth
 end
 # Generates a login token in the form:
- # user_name:x509:user_name:time_expires:cert_chain
- # - user_name:time_expires is encrypted with the user certificate
- # - user_name:time_expires:cert_chain is base64 encoded
- def login_token(user, user_dn, expire)
+ # user_name:server:user_name:user_pass:time_expires
+ # - user_name:user_pass:time_expires is encrypted with the server certificate
+ def login_token(user, user_pass, expire)
 expires = Time.now.to_i+expire
- token_txt = "#{user}:#{user_dn}:#{expires}"
+ token_txt = "#{user}:#{user_pass}:#{expires}"
 token = encrypt(token_txt)
 token64 = Base64::encode64(token).strip.delete("\n")
@@ -103,15 +102,15 @@ class ServerAuth < X509Auth
 def authenticate(user, pass, signed_text)
 begin
 # Decryption demonstrates that the user posessed the private key.
- _user, user_dn, expires = decrypt(signed_text).split(':')
+ _user, user_pass, expires = decrypt(signed_text).split(':')
 return "User name missmatch" if user != _user
 return "login token expired" if Time.now.to_i >= expires.to_i
 # Check an explicitly-specified DN such as for a host-signed login
- if !pass.split('|').include?(cert.subject.to_s.delete("\s"))
- return "Certificate subject missmatch"
+ if !pass.split('|').include?(user_pass)
+ return "User password missmatch"
 end
 validate
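Review bot: The new `token_txt = "#{user}:#{user_pass}:#{expires}"` uses ':' as the field separator, and `authenticate` in the second hunk splits it with `decrypt(signed_text).split(':')` into exactly three names, so a password containing ':' pushes a password fragment into `expires` and the token is rejected as expired (`expires.to_i` of a non-numeric fragment is 0). Reject such passwords where the token is built, e.g. `raise ArgumentError, "password must not contain ':'" if user_pass.include?(':')` before `token_txt`, or use a separator that cannot occur in the password. The doc comment over `login_token` also lost the line noting that the encrypted text is base64 encoded although `Base64::encode64` is still applied two lines later; keep `# - the encrypted text is base64 encoded` in the list, and the "Check an explicitly-specified DN" comment in `authenticate` is likewise stale now that the check compares `user_pass`. Since the token now carries the password itself, it is password-equivalent until `expires`, so the lifetime passed as `expire` and the server key that decrypts it deserve the same protection as the password store; `login_token` and `authenticate` both continue outside their hunks.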