What PHP framework provides the most feature-rich authentication and/or access control?

Question

I am currently exploring Zend_Auth, part of Zend Framework, but am dissapointed with the lack of more advanced features such as nonces, authentication tokens, lock-out, etc. In one of my recent projects, I implemented an authentication and ACL (Access Control List) scheme that has the following features:

• Salted hashes
• Automatic IP address lockout
• Nonces (several types)
• Authentication tokens (which persist for the entire session)

It would be great if I could abstract this functionality and make a reusable authentication class, but I was curious about whether a feature-rich authentication module already existed, so I could save myself the work. If not, I will most definitely do that.

I suppose my questions is this: What (database-based) authentication module/scheme are you currently using, and are you happy with its features? Specifically, is anyone using one that supports the features I listed above?

I look forward to your responses.

Answer 1

Funny thing, I was going to answer "Zend Framework!" when I saw this question. I guess that you are already using that.

I've done a lot of what you are doing using ZF as well. True that it is not all made for you, but the parts are there. Honestly, if it was already put together, it would not be flexible and not apply to many use cases. I'd rather make it suit the app I'm building, rather than build my app around it. You can make your code into library and include that with your other ZF apps.

I'd be interested in other options as well though.