A quick sketch of a working module with new features

I'm sorry to dump this on the list but I'm short on time -- if I can I will come back later and package this up as a proper set of patches. Hopefully it will help someone in the meantime. I needed to get server authentication working *today*, in a fairly controlled environment, so I threw together the attached module. It works great for us on Apache with basic authentication over HTTPS. It is very similar to webserver_auth, but with the fixes mentioned recently in the issue queue. A couple of new, nice-to-have features:

* if the user doesn't have an entry in authmap (user_external_load fails) I first try a user_load to see if they have a non-authmapped account, and if so reconfigure it. This avoids the need to manually reconfigure UID1 after enabling server authentication.

* if this is the first visit for the user, they are redirected to user/edit with a message prompting them to fill out their profile before continuing.

* I hide the password fields on user/edit, since they have no effect on the server-side credentials. Every user I had test the new module tried to change their password, so this seemed like an easy usability win.

Hope this helps someone!