After talking with Lars and Don about the authentication problem it is obvious that this is something that is needed in the general toolkit. We need something that is independent of the authentication scheme. We need something that allows us to plug in different "authentication modules" as needed. Something like what has been done for the different payment gateways in the ecommerce module.
For our institution we need to authenticate against a different datasource if the primary authentication method should fail. For instance, if the user is a student in Heidelberg, he will be authenticated using RADIUS server because he already has an account in the computer center. If a users is a physician in a teaching hospital 50 miles away, he will not be in the RADIUS datasource, so the standard OpenACS method should be used.
Another reason we would need the modular scheme is the fact that we will be migrating to LDAP in a year or two. All we want to have to do is replace the RADIUS plug with the LDAP plug.
I am sure there are other institutions that would like have multi-tier fallback authentication (not just the two tiers described above).