I'm working on the next version of the external authentication module.
What's already done:
1) Now uses the e-mail address to log on by default. This is way nicer, since you don't need to select an authentication source. Old username authentication is also possible.
2) Sequential checking of authentication sources is gone. That was a nasty solution anyway. Replaced by authentication with the e-mail address.
3) The ability to adapt to changing e-mail addresses and user IDs at the authentication source, without creating a new account. Currently this only works for the LDAP driver, since other sources don't have a lookup capability to match UserID with e-mail addresses.
The next thing I'm working on is restricting authentication sources based on the client's IP address. Now you can hide some sources if users log in from the Internet. The question here is whether IPv6 support is wanted. I guess this is only necessary if SilverStripe itself is IPv6 compatible. Anyone got any experience with that?
Possible other additions:
1) Tabs for authentication sources on the login form if multiple sources are configured
2) Port the OpenID driver to external authentication (lots of work I think)
I don't have much time available at the moment, so progress will be slow.
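
The IP-based source restriction discussed in the post, sketched as an added example that is not part of the original post or the module's code: one CIDR matcher covering IPv4 and IPv6. The function names, source names and addresses are hypothetical and constructed for illustration.

```php
<?php
// Added example; function and source names are hypothetical, not the module's API.

// Pack an address to bytes, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d).
function pack_ip(string $ip): ?string {
    $bin = @inet_pton($ip);
    if ($bin === false) return null;
    $mapped = str_repeat("\x00", 10) . "\xff\xff";
    return (strlen($bin) === 16 && substr($bin, 0, 12) === $mapped) ? substr($bin, 12) : $bin;
}

function ip_in_cidr(string $ip, string $cidr): bool {
    $parts = explode('/', $cidr, 2);
    $addr = pack_ip($ip);
    $net = pack_ip($parts[0]);
    if ($addr === null || $net === null || strlen($addr) !== strlen($net)) {
        return false; // unparsable input or address-family mismatch: fail closed
    }
    $max = strlen($net) * 8;
    $bits = $parts[1] ?? (string) $max;   // no prefix means a single host
    if (!ctype_digit($bits) || (int) $bits > $max) return false;
    $bits = (int) $bits;
    $full = intdiv($bits, 8);             // whole bytes covered by the prefix
    if (substr($addr, 0, $full) !== substr($net, 0, $full)) return false;
    $rem = $bits % 8;                     // leftover bits in the next byte
    if ($rem === 0) return true;
    $mask = (0xff << (8 - $rem)) & 0xff;
    return (ord($addr[$full]) & $mask) === (ord($net[$full]) & $mask);
}

// Return the names of sources whose allowed networks contain the client address.
function visible_sources(array $sources, string $clientIp): array {
    $visible = [];
    foreach ($sources as $name => $cidrs) {
        foreach ($cidrs as $cidr) {
            if (ip_in_cidr($clientIp, $cidr)) { $visible[] = $name; break; }
        }
    }
    return $visible;
}

// Constructed sample configuration and client addresses.
$sources = [
    'intranet_ldap' => ['10.0.0.0/8', 'fd00::/8'],
    'public'        => ['0.0.0.0/0', '::/0'],
];
foreach (['10.1.2.3', '::ffff:10.1.2.3', 'fd12::1', '203.0.113.7', '2001:db8::1'] as $ip) {
    echo $ip, ' => ', implode(', ', visible_sources($sources, $ip)), PHP_EOL;
}
```

Feed it the connection's `REMOTE_ADDR`, and take a forwarding header only when the request arrives from a proxy you operate. Run the same check again when the credentials are submitted, since hiding a source on the form does not by itself stop a request that names it.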