RE: [Zope] Security glitch on user-editing form
> Any one-way encryption method will work, but why not modularized authentication support? Something that would permit you to use anything

Already there in user folders! :^) We happen to have implemented an internal Zope authentication/authorization database. Additionally, at: http://www.zope.org/Download/Unsupported there's an etcUserFolder (auth against /etc/passwd type files) and a UserDB (auth against an RDBMS) and sometime soon there might be an LDAPUserFolder based on something that smells a lot like an LDAP Database Adapter.

> from one-way-encryption to Kerberos to LDAP, but not necessarily just a fixed algorithm. LDAP is an interesting possibility, but I don't like the idea of being stapled to LDAP -- it's overkill for most installations.

I agree totally! My _real_ question was, in the internal User Folder component, whether to store passwords a) in their original form or b) as a hash or c) as a selectable option ... Of course, the c) is probably the best answer!

--Rob
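The three storage options raised in the message above, sketched as an added example that is not part of the original post and not Zope's code. The `{PLAIN}`/`{PBKDF2}` record tags, the function names and the choice of salted PBKDF2-SHA256 as the one-way hash are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Hypothetical record format for this example: "{SCHEME}payload".
PBKDF2_ITERATIONS = 200_000  # assumed work factor, tune per deployment


def encode_password(password: str, scheme: str = "PBKDF2") -> str:
    """Return the string a user folder would store for this password."""
    if scheme == "PLAIN":  # option (a): original form
        return "{PLAIN}" + password
    if scheme == "PBKDF2":  # option (b): salted one-way hash
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
        return "{PBKDF2}%d$%s$%s" % (PBKDF2_ITERATIONS, salt.hex(), digest.hex())
    raise ValueError("unknown scheme: %r" % scheme)


def check_password(stored: str, candidate: str) -> bool:
    """Option (c): verify against whichever scheme the record declares."""
    if stored.startswith("{PLAIN}"):
        expected = stored[len("{PLAIN}"):].encode("utf-8")
        return hmac.compare_digest(expected, candidate.encode("utf-8"))
    if stored.startswith("{PBKDF2}"):
        try:
            rounds, salt_hex, digest_hex = stored[len("{PBKDF2}"):].split("$")
            actual = hashlib.pbkdf2_hmac(
                "sha256", candidate.encode("utf-8"),
                bytes.fromhex(salt_hex), int(rounds))
            expected = bytes.fromhex(digest_hex)
        except (ValueError, OverflowError):
            return False  # malformed record never authenticates
        return hmac.compare_digest(expected, actual)
    return False  # unknown or missing scheme tag: fail closed


def upgrade_on_login(stored: str, candidate: str) -> str:
    """After a successful login, migrate a {PLAIN} record to a hash."""
    if stored.startswith("{PLAIN}") and check_password(stored, candidate):
        return encode_password(candidate, "PBKDF2")
    return stored
```

Because the scheme travels with each record, an administrator can change the default without invalidating existing accounts, and plaintext records can be retired as users log in.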
participants (1)
- Rob Page