a function to which the username and password arguments will be passed and which should return TRUE for a valid combination and FALSE for an invalid one.
basic_realm
the user visible realm that will be returned through the WWW-Authenticate header in case of an unauthenticated request