SharePoint out of the box

Authentication 

SharePoint usually performs authentication through the IIS web server. IIS is responsible for authenticating users via Active Directory.

Another option is to use the ASP.NETforms authentication functionality for developing custom code that interacts with other user directories such as an Oracle database. Doing so requires bespoke development.

Authorization 

SharePoint's security model is based around enrolling principals into SharePoint Groups, which are then granted permissions to a securable resource.

By default, SharePoint objects inherit the permissions of their parents.

Pros

• Good integration with Active Directory
• Standard across WSS and MOSS
• Does not require bespoke development
• Provides simple API.

Cons

• Difficult to manage  - SharePoint offers no 'rolled up' way of discovering everyone that has access to a resource, and also no simple way of showing what resources a given employee can access.
• Limited configurability - SharePoint's simple 'group allow' model cannot be configured to a policy-based mechanism.
• Poor integration with other web parts - While it is possible to set up custom groups and permission levels, the out-of-the-box web parts do not support this very well. The "Site members" and "my sites" web parts do not accurately reflect actual site memberships.

Summary

SharePoint provides a simple way for end-users to grant access to resources, but offers limited management functionality.