> To authenticate a user you would need some of these things:
> 1) username
> 2) password
> 3) some form of domain or other name
> 4) ???

4) A channel (file descriptor, callback pointer, whatever) to generate
output and collect further input (such as challenges and responses, or
interaction suitable for zero-knowledge demonstrations of identity).

> In return applications could get back:
> 1) valid/invalid, expired password, expired account, etc etc.
> 2) other data, like being instructed to set an environmental variable to
>    some specific value.
> 3) perhaps an opaque cookie
> 4) ???

At a minimum, the UID, primary GID, and list of auxiliary GIDs!

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B