Background discussion here: http://moodle.org/mod/forum/discuss.php?d=136675
I've attached a first attempt at a patch for actually using the AUTH_* definitions already in lib/authlib.php. This code respects AUTH_DENIED so that it will be possible to create stackable blacklist authentication modules in addition to the stackable whitelist modules we already have.
I wrote this with the idea of keeping the patch as small as possible, but I think it would be better if we made it possible to provide more information back to the user. For example, it would be useful if, while configuring your authentication modules stack, you could turn on some more verbosity and be told "login denied for XYZ reason by ABC module" instead of simply "Login denied".
Is there any interest in considering this for inclusion in 2.0?