- added logic to do domain-defined nobody lookup which I thought I could safely dump before.

- added a hook for ignoring the domain-defined "nobody" lookup, although I'm not going to change the user folder UI right now, and the default behavior of this implementation is the same as the old.

- refactored validate method into identify, authenticate, and authorize methods.

- added _getobcontext method to do acquisition dance to find out accessed, container, and name in order to pass them to securitypolicy.validate