Improved authentication service schemes are described. A first technique enables application specific authentication services even if container-wide authentication services are made available. A second technique prevents an authentication service from being performed if an attempt is made to reach an item of insensitivity within a protected area. A third technique introduces "get/set" functions into a login module callback handler arrangement for retrieving/imposing information from/to a communication session with a user that the login module is authenticating. A fourth technique distributes a login context function so that a network resides between separate portions of the login context function. A fifth technique uses a fallback handler in an application based authentication service so that a container-wide authentication service can be used.