Forum OpenACS Q&A: Response to optionally using unix passwords for OpenACS auth

Access based on IP is simple - just set up a filter that compares the URL with a set of pages restricted to your LAN subnet (I assume that's the level of restriction you have in mind).

Passwords in cookies are encrypted. If you ask for passwords to be encrypted in the DB, they're encrypted using ns_crypt, which uses the same crypt function in glibc as has been traditionally used in Unix-land for a very long time. The Linux world is switching over to stronger encryption for system password encryption, but I wouldn't worry much about people cracking db's encrypted in the database.

Most cracks come about because of poor passwords. I suspect you'd be hard pressed to find a case of a crack succeeding based on unencrypting crypt'd passwords.
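
The filter decision described in the first paragraph of the response, sketched in Python as an added example (not part of the original post, and not OpenACS or AOLserver code). The subnet 192.168.1.0/24 and the restricted prefixes `/admin` and `/intranet` are assumptions chosen for illustration.

```python
import ipaddress
import posixpath
from urllib.parse import unquote

# Assumed values for this sketch: the LAN subnet and the restricted URL prefixes.
LAN_SUBNETS = [ipaddress.ip_network("192.168.1.0/24")]
RESTRICTED_PREFIXES = ("/admin", "/intranet")


def normalize_path(raw_path):
    """Decode and collapse the path so '/x/../admin' or '/%61dmin' still match."""
    path = unquote(raw_path.split("?", 1)[0])           # drop query, decode %xx
    path = posixpath.normpath("/" + path.lstrip("/"))   # collapse '//', '.', '..'
    return path.lower()  # case-fold: over-matching is the safe direction here


def is_restricted(raw_path):
    """True if the normalized path is a restricted prefix or lies beneath one."""
    path = normalize_path(raw_path)
    return any(path == p or path.startswith(p + "/") for p in RESTRICTED_PREFIXES)


def peer_on_lan(peer_addr):
    """peer_addr must be the socket peer address, not a client-supplied header."""
    try:
        ip = ipaddress.ip_address(peer_addr)
    except ValueError:
        return False  # unparseable address: fail closed
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d), as seen on dual-stack listeners.
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    return any(ip.version == net.version and ip in net for net in LAN_SUBNETS)


def allow_request(raw_path, peer_addr):
    """Filter decision: unrestricted pages pass; restricted pages need a LAN peer."""
    return (not is_restricted(raw_path)) or peer_on_lan(peer_addr)
```

If the server sits behind a reverse proxy, the peer address seen by the filter is the proxy's, so the subnet check has to be made where the real client address is visible.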