modern day auth

It's been quite a while since I last rolled out a rails app, and now I have to start on another. I'm wondering what is the currently accepted method for implementing authentication and authorisation.

My last apps used a fairly well modified version of restful_authentication, which as I remember was a right PITA to install into a new application. It mainly consisted of several hours of copying and pasting from existing apps (installing it from scratch was even slower due to my modifications).

Has anyone got any advice for making my life a little easier? I don't have any wild requirements:

* Session based login/logout with forms
* Ability for users to reset passwords with email tickets
* Possibility to switch between admin-only or open registration (with email confirmations)
* Maybe a nice management interface

All that was implemented with my modified restful_auth, but as I keep moaning, it took far too long to redo for each app.

Any tips greatly appreciated.


Check Authlogic ( But I advise you to
take a very good look at the code and docs because it makes a lot
of trade-offs in order to make it a "plug-and-play" gem instead of
a generator.