Authentication must be the responsibility of the server. If you want to
easily extend the possible authentication schemes then define a spec for
authentication scripts, but they should remain seperate from normal scripts,
which should not have to deal with authentication, that would be a HUGE
security hole.
--sanders