If it’s a web-based tool, support http authentication and you’re done. Apache can handle it. If it’s Linux-based, support PAM. Done. But what if it’s neither? You might think “We’ll make it pluggable and we’ll do an LDAP plugin so we can work with Active Directtory or LDAP. Now, on to logging…” Wait. Step back. I want to propose a better authentication protocol than LDAP as the default go-to protocol: RADIUS.