As of version XX of phpList, authentication can be provided by a plugin. 

You can check the //phpListAdminAuthentication// plugin in the admin directory to see the default one.

Below is a skeleton class. Not all methods need to be implemented, but defaulting them to something sensible will be useful.

<code>
class myCustomPhpListAdminAuthentication extends phplistPlugin {
  public $name = 'your plugin name';
  public $version = 0.1;
  public $authors = 'Your name';
  public $description = 'Provides authentication to phpList using .... ';
  public $authProvider = true;

  /**
   * 
   * validateLogin, verify that the login credentials are correct
   * 
   * @param string $login the login field
   * @param string $password the password
   * 
   * @return array 
   *    index 0 -> false if login failed, index of the administrator if successful
   *    index 1 -> error message when login fails
   * 
   * eg 
   *    return array(5,'OK'); // -> login successful for admin 5
   *    return array(0,'Incorrect login details'); // login failed
   * 
   */ 
  public function validateLogin($login,$password) 
  {

    return array(0,s("Login failed"));
  }

  /**
   * 
   * validateAccount, verify that the logged in admin is still valid
   * 
   * this allows verification that the admin still exists and is valid
   * 
   * @param int $id the ID of the admin as provided by validateLogin
   * 
   * @return array 
   *    index 0 -> false if failed, true if successful
   *    index 1 -> error message when validation fails
   * 
   * eg 
   *    return array(1,'OK'); // -> admin valid
   *    return array(0,'No such account'); // admin failed
   * 
   */ 
  public function validateAccount($id) 
  {
    return array(1,"OK");
  }



  /**
   * adminName
   * 
   * Name of the currently logged in administrator
   * Use for logging, eg "subscriber updated by XXXX"
   * and to display ownership of lists
   * 
   * @param int $id ID of the admin
   * 
   * @return string;
   */
  public function adminName($id) 
  {
  }
  
  /**
   * adminEmail
   * 
   * Email address of the currently logged in administrator
   * used to potentially pre-fill the "From" field in a campaign
   * 
   * @param int $id ID of the admin
   * 
   * @return string;
   */
  public function adminEmail($id) 
  {
  }    

  /**
   * adminIdForEmail
   * 
   * Return matching admin ID for an email address
   * used for verifying the admin email address on a Forgot Password request
   * 
   * @param string $email email address 
   * 
   * @return ID if found or false if not;
   */
  public function adminIdForEmail($email) 
  { 
  } 
  
  /**
   * isSuperUser
   * 
   * Return whether this admin is a super-admin or not
   * 
   * @param int $id admin ID
   * 
   * @return true if super-admin false if not
   */
  public function isSuperUser($id) 
  {
  }

  /**
   * listAdmins
   * 
   * Return array of admins in the system
   * Used in the list page to allow assigning ownership to lists
   * 
   * @param none
   * 
   * @return array of admins
   *    id => name
   */
  function listAdmins() 
  {
  }
   
  

  
}
</code>