The same plaintext (passwd) could produce several ciphertext depending on the salt..

But could you be more precise : if the plaintext password works what is your problem ?
(A lot of (bad) HTTP authentication is made with plain text password, it could be the case here...)

Simple observation : the auth is really TOO REDUNDANT to be produced by a real/secure hash/crypt function ('lyIM9' repeated twice) so you can exclude all known good known crypto systems.

"Trying to be a SMART lamer" (thanx to Merlyn ;-)