Just an off-the-cuff remark: How does this tie in with say SASL (old page at: http://asg.web.cmu.edu/sasl/) ? (vision of mod_sasl, then plug in any old authentication method into that)
SASL is more generic than our auth framework (which could be good or bad!). However, the Cyrus SASL implementation apparently isn't thread-safe and doesn't mesh well with the pool memory model. Greg Hudson tried to implement SASL for some code in Subversion (ra_svn) and gave up. httpd-2.x would have the same issues as both use APR.
So, to use SASL, we'd need a ground-up thread-safe SASL library; that's not something I'm terribly interested in. ;-) -- justin
