In a new posting from Dynamically Typed, there is a discussion of recomendations of PHP authentication and access control libraries.

To be frank not sure I can one-hundred percent recommend an single library; I'm typically guilty of DIY - last time a really researched this, about a year and a half ago, wasn't able to find anything that really convinced me.

From my perspective, authentication (verifying a valid user) and access control (does a valid user have permission to do this) are different things and the library needs to reflect that.

Some of his "dream" attributes for a security library include: the obvious security, a flexible authentication protocol, be independent of the data source it uses, be more flexible in the access control mechanism, allows for multiple user/group/role access assocations, flexible, and, of course, fast. Two classes that he mentions that are close to what he thinks would work best are from PEAR - PEAR::Auth and PEAR::LiveUser.