I want to add a member state (active, inactive, banned) which gets checked on login. The value is only set by the admin in the cms and is never visible to public. I have got this bit happening no worries.
So if the member tries to login it checks the account to see which state it is in and acts appropriately.
i'm not sure why there's a need for a special authenticator?
DataObjectDecorator can define default for field-values
fe: 'active' for your 'member state'.
then someone could fe. 'special implement'
SiteTree::canEdit() for pages,
if these Memers are canCMS Members.
Additionally you could generate getCMSFields on your classes, depending on member state...
And only for restrictions about frontend users (members)
i could do things specially while frontend rendering, depending on your member state.
what is the missing part, so where's the need for an authenticator?