In my opinion, I think you should use a centralized authentication based system like kerberos. Why? With linux/bsd varients you can use Authen::PAM to authenticate against kerberos using pam. While one of my favorites (does REAL kerberos calls) is a module for apache called "Mod auth Kerb". It allows you to have a default realm, and you can utilize kerberos within a .htaccess password prompt.

check out:This! for the apache mod.

I have personally set this up, and it is a little bit of trouble (but not that much)

Having an authentication system like this leads to 1) scalability 2) security 3) good solid programming api's.

These days, redhat has made kerberosIV pretty much 'plug and play' and administration is very easy. I still suggest KerberosV, which has better security then 4.

if you intend on having alot of users authenticating, this would be a good step to take.