Apiserver store the user, and the hash of the password in postgresql. It would be great to have different authentication strategies like the one proposed by [passport](http://passportjs.org/)
