I recently finished my MCAuthAll script. It's kind of hard to explain how it works, so I will explain the end result instead. The goal was to make a "proxy" between Minecraft servers/clients and the Minecraft servers. The result is having a way to authenticate players who do not own Minecraft. The script does it by passing all requests from premium players on to the official servers while handling non premium players on its own. The full authentication mode requires a MySQL database to store session information. It is on GitHub so you can look through the source: https://github.com/Stephen304/MCAuthAll
Since it seems to be working, I will likely not make any more changes except for bug fixes.
I run a private Minecraft server for me and my friends. The only problem is, only half of my friends own Minecraft. (Leave piracy debates out of this.) This causes issues with securing the server to prevent account stealing. I initially only intended to make a quick server mod, but it turned into a full fledged project. The source is on GitHub. In summary, the server uses a host file mod to redirect auth traffic. The selling point of this system is that legit/premium users who bought minecraft do not have to do anything extra. The default launcher works fine for them. Cracked/non-premium users, however, must use a custom launcher. This custom launcher downloads a modded copy of minecraft in addition to several other checks to prevent account stealing. In effect, you can run a mixed server in online mode, supplying authentication (with official servers) to premium users, preventing non-premium users from logging in as premium users, while also allowing non-premium users to still play.
It's a mouthful; I know, but it works great for servers with a mixed community. I consider the project nearly done. The only thing I have left to add is a password database for non-premium users, which would prevent non-premium users from logging in as other non-premium users.