2006-01-11 (wahern)

	Added support for user and group restrictions. Add
	AuthBSDStrictRequire, which allows you to specify whether only one
	Require directive must match (default), or all directives must
	match. The latter behavior is stricter.

2006-01-10 (wahern)

	Added ability to include userinfo data with the authentication
	packets. So far the only possible data is the user's group list
	(determined via getgrouplist(3)). This makes it possible to do group
	restrictions.

2006-01-09 (wahern)

	Removed use of the login_bsd wrapper. It always made me quesy.  To
	support chroot'ed Apache mod_auth_bsd now spins off a daemon before
	Apache locks down. httpd children speak to the daemon over
	individual domain sockets. Each socket is authenticated using a
	shared secret (unique to each child). Every authentication request
	and reply is HMAC'd with this shared secret. This prevents PHP and
	other in-process CGI applications from playing dirty tricks, however
	it doesn't prevent them from destroying the connection, which
	happens when an invalid packet is detected.

	Also, credential caching has been added, for both successful and
	unsuccessful authentication attempts. A delay can be added (default
	3 seconds) after a specified number of failed attempts per user. 
	This delay doesn't block the daemon, but it does block the child. 
	This feature is not a subsititute for PF rules that rate limit
	clients.
