Ian Bicking: the old part of his blog

Re: Fixing Apache Authentication

Have you looked at pubcookie? It splits things out a little further (in that there's a common authentication page that provides the signed cookies all the way out to the user's browser... I think it only makes sense when you have a large institution behind a common namespace, and have lots of diversely-managed applications that you want controlled by a single mechanism, but it also means that you can be arbitrarily sophsticated at the pubcookie login page, too, without changing any apps at all.) It isn't quite what you're trying to do, but might be worth a look.
Comment on Fixing Apache Authentication
by Mark Eichin