Callback used by AuthDomainBasic for authentication purposes.
The application should verify that
password and valid and return
If you are maintaining your own password database (rather than using the password to authenticate against some other system like PAM or a remote server), you should make sure you know what you are doing. In particular, don't store cleartext passwords, or easily-computed hashes of cleartext passwords, even if you don't care that much about the security of your server, because users will frequently use the same password for multiple sites, and so compromising any site with a cleartext (or easily-cracked) password database may give attackers access to other more-interesting sites as well.
the message being authenticated
the username provided by the client
the password provided by the client
the data passed to set_auth_callback