> Right now I think a "getting started" page needs to include instructions for > setting up an OpenId provider, because people trying to set it up > behind-the-firewall are most likely not going to be able to use an OpenId > provider that is outside-the-firewall.
Good point, but it's a good idea to eventually use user/password authentication in the future. If this is not desirable for a production scenario, it should still be possible to disable it.
