diff --git a/core/od_auth.c b/core/od_auth.c
index 96c754e5..6b63082d 100644
--- a/core/od_auth.c
+++ b/core/od_auth.c
@@ -253,6 +253,55 @@ od_authbe_cleartext(od_server_t *server)
 return 0;
 }
 
+static inline int
+od_authbe_md5(od_server_t *server, uint8_t salt[4])
+{
+ od_pooler_t *pooler = server->pooler;
+
+ od_route_t *route = server->route;
+ assert(route != NULL);
+ if (route->scheme->user == NULL ||
+ route->scheme->password == NULL) {
+ od_error(&pooler->od->log, server->io,
+ "S: user and password required for route '%s'",
+ route->scheme->target);
+ return -1;
+ }
+
+ /* prepare md5 password using server supplied salt */
+ so_password_t client_password;
+ so_password_init(&client_password);
+ int rc;
+ rc = so_password_md5(&client_password,
+ route->scheme->user,
+ route->scheme->user_len,
+ route->scheme->password,
+ route->scheme->password_len,
+ (uint8_t*)salt);
+ if (rc == -1) {
+ od_error(&pooler->od->log, NULL, "memory allocation error");
+ so_password_free(&client_password);
+ return -1;
+ }
+
+ /* PasswordMessage */
+ so_stream_t *stream = &server->stream;
+ so_stream_reset(stream);
+ rc = so_fewrite_password(stream,
+ client_password.password,
+ client_password.password_len);
+ so_password_free(&client_password);
+ if (rc == -1) {
+ od_error(&pooler->od->log, NULL, "memory allocation error");
+ return -1;
+ }
+ rc = od_write(server->io, stream);
+ if (rc == -1) {
+ return -1;
+ }
+ return 0;
+}
+
 int od_authbe(od_server_t *server)
 {
 od_pooler_t *pooler = server->pooler;
@@ -282,7 +331,9 @@ int od_authbe(od_server_t *server)
 break;
 /* AuthenticationMD5Password */
 case 5:
- (void)salt;
+ rc = od_authbe_md5(server, salt);
+ if (rc == -1)
+ return -1;
 break;
 /* unsupported */
 default:
diff --git a/core/od_config.c b/core/od_config.c
index 3885c7a8..3a4be8a8 100644
--- a/core/od_config.c
+++ b/core/od_config.c
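Review bot: The failure paths in `od_authbe_md5` are logged inconsistently, which makes a failed backend MD5 authentication hard to trace: both `"memory allocation error"` calls pass `NULL` instead of `server->io`, and a failed `od_write()` returns -1 with no log line in this function. Passing the connection, e.g. `od_error(&pooler->od->log, server->io, "S: memory allocation error");`, and logging the write failure the same way would tie each failure to the backend connection, as the first `od_error` in the function already does. The `(uint8_t*)salt` cast is redundant because the parameter is already a `uint8_t` pointer. Whether `so_password_free()` wipes the derived MD5 response before releasing it is not visible here and is worth confirming, since that buffer is computed from the route password.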
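Review bot: `salt` reaches `od_authbe_md5()` with no check in this hunk that the AuthenticationMD5Password message actually supplied four salt bytes; its declaration and the code that reads the authentication message lie outside the hunk. If that reader can succeed on a short message, the MD5 response would be computed over whatever `salt` held before, so confirm the length is enforced there. A one-line comment at `case 5:` naming where the salt is filled and validated would document that. The new `if (rc == -1)` is unbraced, unlike the checks in `od_authbe_md5` added by the same commit.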
@@ -351,6 +351,7 @@ od_configparse_route(od_config_t *config, od_token_t *name)
 if (od_confignext(config, OD_LSTRING, &tk) == -1)
 return -1;
 route->user = tk->v.string;
+ route->user_len = strlen(route->user);
 continue;
 /* password */
 case OD_LPASSWORD:
diff --git a/core/od_scheme.h b/core/od_scheme.h
index 86e00a01..c7514a92 100644
--- a/core/od_scheme.h
+++ b/core/od_scheme.h
@@ -46,6 +46,7 @@ struct od_schemeroute_t {
 char *route;
 char *database;
 char *user;
+ int user_len;
 char *password;
 int password_len;
 int ttl;
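Review bot: `strlen()` returns `size_t` while `user_len` is declared `int` in the od_scheme.h hunk of this commit, so this assignment narrows implicitly, with no bound on the configured string visible here. The field follows the existing `int password_len`, so either bound the token length when parsing or make the conversion explicit after a range check, `route->user_len = (int)strlen(route->user);`. `user_len` is also a cached length of `route->user` that `od_authbe_md5` passes to `so_password_md5()`; any other place that assigns `route->user` (none is visible in this diff) has to keep it in sync, and a comment on the struct field saying so would help. The enclosing `od_configparse_route` starts and ends outside the hunk.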