Re. my patch to zope to eliminate the default 500 error code: I considered a patch to the user folder product itself. Although I might have given up too soon, it didn't look feasible based on my limited knowledge of zope internals. I tried the obvious stuff but setting a "local" 302 or other code in the user folder didn't work because it got over-ridden later on the the authentication-catching process. Also, while removing all possibilities for a default 500 error from zope seems bad, note that in all those other (hypothetical) cases MSIE would also prevent you from seeing the potentially informative error page that zope might generate. In short, based on MSIE behaviour I think it's better if zope never generates a 500 error if it might also generate an informative error-message page. I might add this to the collector if I only knew how...
Have you had a look at the user folder you use in order to see where it raises an exception (I guess that, but this might eventually lead to HTTPResponse tacking the error 500 to the response)? Maybe it's possible to patch the user folder(s) to set a 302 header?