diff --git a/lib/api/auth.py b/lib/api/auth.py
index 74d68a27ad..53978a70d4 100644
--- a/lib/api/auth.py
+++ b/lib/api/auth.py
@@ -2,26 +2,15 @@ from tastypie.authentication import Authentication
 from tastypie.authorization import Authorization
 
 # FIXME: this is completely stubbed out at this point!
-
-class AcomAuthentication(Authentication):
-    def is_authenticated(self, request, **kwargs):
-        return True
-        #if 'admin' in request.user.username:
-        #  return True
-
-        #return False
-
-    # Optional but recommended
-    def get_identifier(self, request):
-        return request.user.username
+# INTENTIONALLY NOT IMPLEMENTED CORRECTLY :)
 
 class AcomAuthorization(Authorization):
+
     def is_authorized(self, request, object=None):
-        return True
-        #if request.user.username == 'admin':
-        #    return True
-        #else:
-        #    return False
+        if request.user.username == 'admin':
+            return True
+        else:
+            return False
 
     # Optional but useful for advanced limiting, such as per user.
     def apply_limits(self, request, object_list):
diff --git a/lib/api/resources/organizations.py b/lib/api/resources/organizations.py
index cffec2f84d..a834278d8d 100644
--- a/lib/api/resources/organizations.py
+++ b/lib/api/resources/organizations.py
@@ -1,7 +1,8 @@
 # myapp/api.py
 
 from tastypie.resources import ModelResource
-from lib.api.auth import AcomAuthentication, AcomAuthorization
+from tastypie.authentication import BasicAuthentication
+from lib.api.auth import AcomAuthorization
 
 import lib.main.models as models
 
@@ -10,7 +11,7 @@ class Organizations(ModelResource):
     class Meta:
         queryset = models.Organization.objects.all()
         resource_name = 'organizations'
-        authentication = AcomAuthentication()
+        authentication = BasicAuthentication()
         authorization = AcomAuthorization()
 
 
diff --git a/lib/cli/main.py b/lib/cli/main.py
index bfbaf0dbf9..0067226f50 100644
--- a/lib/cli/main.py
+++ b/lib/cli/main.py
@@ -1,13 +1,14 @@
-import hammock
 import os
 import requests
+from requests.auth import HTTPBasicAuth
 import sys
 import json
 
 # this is temporary
 username = os.getenv("ACOM_USER","admin")
 password = os.getenv("ACOM_PASS","admin")
-server   = os.getenv("ACOM_SERVER","127.0.0.1:8000")
+print "USER=%s" % username
+server   = os.getenv("ACOM_SERVER","http://127.0.0.1:8000")
 
 # TODO: error handling/output/etc
 # TODO: format into actual command line
@@ -18,15 +19,24 @@ PARAMS = {
 HEADERS = {
    'Content-Type' : 'application/json'
 }
-AUTH = (username, password)
+AUTH = HTTPBasicAuth(username, password)
 
-handle = hammock.Hammock("http://%s/api/v1" % server, auth=AUTH, append_slash=True, params=PARAMS, headers=HEADERS)
+def get(url_seg):
+   resp = requests.get("%s/api/v1/%s" % (server, url_seg), auth=AUTH)
+   return resp
+
+def post(url_seg, data):
+   resp = requests.post("%s/api/v1/%s" % (server, url_seg), auth=AUTH, data=data, headers=HEADERS)
+   return resp
 
 class Collection(object):
 
-   def __init__(self, handle):
-       self.handle   = handle
-       self.response = self.accessor().GET(auth=AUTH, headers=HEADERS)
+   def __init__(self):
+
+       self.response = get(self.base_url())
+
+       print self.response.text
+       print self.response.status_code
        assert self.response.status_code == 200
        # TODO: error handling on non-200
        print "RESPONSE=%s" % self.response.text
@@ -36,13 +46,13 @@ class Collection(object):
        self.meta     = self.data['meta']
        self.objects  = self.data['objects']
         
-   def accessor(self):
+   def base_url(self):
        return exceptions.NotImplementedError()
 
    def add(self, data):
        # TODO: error handling
        json_data = json.dumps(data)
-       response = self.accessor().POST(data=json_data)
+       response = post(self.base_url(), data=json_data)
        print response.status_code
        print response.text
        assert response.status_code == 201
@@ -60,16 +70,14 @@ class Entry(object):
    def __init__(self, data):
        self.data = data
        self.resource_uri = data.get('resource_uri', None)
-       print "LOADING"
-       self.accessor = hammock.Hammock(self.resource_uri, auth=AUTH, append_slash=True, params=PARAMS, headers=HEADERS)
 
    def __repr__(self):
        return repr(self.data)
 
 class Organizations(Collection):
 
-   def accessor(self):
-       return self.handle.organizations
+   def base_url(self):
+       return "organizations/"
 
 #(Epdb) got.text
 #u'{"meta": {"limit": 20, "next": null, "offset": 0, "previous": null, "total_count": 1}, "objects": [{"active": true, "creation_date": "2013-03-15", "description": "testorg!", "id": 1, "name": "testorg", "resource_uri": "/api/v1/organizations/1/"}]}'
@@ -77,7 +85,7 @@ class Organizations(Collection):
 
 try:
     print "---"
-    orgs = Organizations(handle)
+    orgs = Organizations()
     for x in orgs:
        print x
     print "---"
@@ -85,7 +93,7 @@ try:
     print "---"
     
     print "---"
-    orgs = Organizations(handle)
+    orgs = Organizations()
     for x in orgs:
        print x
     
diff --git a/lib/settings/defaults.py b/lib/settings/defaults.py
index 2e4ddff169..f6f525bd15 100644
--- a/lib/settings/defaults.py
+++ b/lib/settings/defaults.py
@@ -93,6 +93,7 @@ TEMPLATE_CONTEXT_PROCESSORS += (
 )
 
 MIDDLEWARE_CLASSES += (
+    'django.contrib.auth.middleware.AuthenticationMiddleware',
     #'django.middleware.transaction.TransactionMiddleware',
     #'devserver.middleware.DevServerMiddleware',
 )