Regardless of whether or not Zope has a PAM folder (which I think is a good idea) we need to discuss an upcomming problem with Zope user authentication: the proliferation of user folders. The problem is there are now quite a few user folders that all kinda look the same, smell the same, and share a good bit of code. This is very brittle. The 'backends' should be abstracted away from the 'frontend' and we should return to the original state of grace, one type of user folder. At the moment if we were to change an aspect of Zope authentication that would break existing user folders, we would have to go and fix every single one, the orpaned ones without maintainers (like etcUserFolder, my personal orphan) would simply remain broken until someone got frustrated enough to fix them. This is a pretty bad state of affairs. So lets fire up a discussion on what kind of model we could impliment to have a generic user folder with pluggable backends (one of which could be PAM). It might even be a good idea to look *at* PAM for some ideas, anyone here a PAM expert? Hmm.. it might also be nice to take Membership and the ZPT into consideration here, like support for extensable user objects (if the 'backend' supports it) etc. -Michel