I want to add a member state (active, inactive, banned) which gets checked on login. The value is only set by the admin in the cms and is never visible to public. I have got this bit happening no worries.
So if the member tries to login it checks the account to see which state it is in and acts appropriately.
I would implement a DataObjectDecorator.
Then add it as a role to Member
so that this 'member state' is only shown if a 'administor' is logged in...
i'm not sure why there's a need for a special authenticator?
DataObjectDecorator can define default for field-values
fe: 'active' for your 'member state'.
then someone could fe. 'special implement'
SiteTree::canEdit() for pages,
if these Memers are canCMS Members.
Additionally you could generate getCMSFields on your classes, depending on member state...
And only for restrictions about frontend users (members)
i could do things specially while frontend rendering, depending on your member state.
what is the missing part, so where's the need for an authenticator?