Catalyst::Plugin::Authentication does all the work we need it to do to securely, and cleanly, authenticate our users. The docs are great and there are lots of plugins out there that will help you do whatever you need to do.
The new C::Auth architecture is excellent. It supports using multiple authenticators (password, openid, plus lots of others), and it supports getting user objects from various backends (DBIx::Class, LDAP, a hash, etc.) with a clean API for adding more.
The API is easy to use, the docs are great, everything works, and the code you write to use it is clean and easily extensible.