[e1ven]

We pass the login and passwords to an openldap server running internally, and then get back the success/fail message.

This is the best strategy for us because it allows us to offer a wide array of services running through our accounts, using out of the box software..

We can tie the forums into LDAP without writing our own, as well as our internal Jabber server, etc.

Once login has completed, we give the user a 128-bit sessionID, which we use for all further communication, until their session expires.