RESTful user authentication service

Hey folks, this seems to have been discussion fairly often but I want to make a simple, watered down question around doing authentication with RESTful services. The scenario is as follows:

• There is a system that houses registered users for an application. The system exposes a RESTful API for accessing these users.
• There is a front-end application that has a login form. The application can either be internal, or external.
• The front-end application needs to use the data in the User system to authenticate a user.

The question now is how to authenticate a user whose credentials (username/password) are entered in the client application against the data in the User system such that it is secure and performant? For the sake of this question, suppose the client application is internal to some sort of Intranet but the applications will not reside on the same machine and may only communicate through the service.

I understand the idea of having the application being "hypermedia driven" but we should be able to provide filtering/searching services. For example, consider the resources and API as below:

• http://example.com/users
  • GET - retrieves all users (paged, hypermedia driven)
  • POST - creates new user
  • PUT/DELETE not supported
• http://example.com/users/[id]
  • GET - returns a full representation of a user with id = {id}
  • PUT - updates user, takes in any predefined media type
  • DELETE - deletes the user (with appropriate authorization)
  • POST not supported

Based on the above, my idea would be have the client application GET on the user listing, filtering by username. The service will return the hashed password and salt to the client, the client will perform the authentication.

Thoughts?