Does the 2.7 edition of the zope book that I can find on plope.org cover security as handled by PAS? No.
If you are interested, the 'RemoteUserAuth' product and it's companion, 'CACSiteRoot', the sources can be downloaded from the tutorial page:
Yup, I've just downloaded those. Seems that RemoteUserAuth does some dirty hacks in Zope publisher :/ This seems to be from 2004. I'm not sure if it'll work with newer Zope versions. CACSiteRoot seems to translate URLs... something like VirtualHostMonster. But I'm not sure why somebody reinvented the whell so it possibly does something more.
It'd be great, though if there were zope gurus out there who had experience working with pubcookie. I've found a few messages on boards from a while back that seemed to indicate that there were folks working on a PAS plugin that would incorporate pubcookie, but I haven't seen any information indicating that that was ever successful. Hm... I've looked at: http://www.pubcookie.org/docs/how-pubcookie-works.html
This is not detailed enough but seems that it should be not difficult to do it with PAS. In general it is a bit similiar to CAS solution, but CAS doesn't use so much cookies. I mean CAS4PAS may be a good base for Pubcookie4PAS :) If you want to know more about PAS take a look into it's sources at interfaces.py and docs/. If you want you may take a look at CAS4PAS plugin. It is simple, but it is good to know how CAS and PAS works to understand this. -- Maciej Wisniowski