Aaron Straup Cope writes:

I'd like to be able to perform all authentication in Apache-land on the SSL and, if successful, hand the request off the Zope. The thing is, I still need to know who's actually authenticated once they readch Zope-world and assinging REMOTE_USER to a request parameter doesn't make me very comfortable.

Alas... The "doc/WEBSERVERS.txt" contains some information about how to convince Apache to pass "REMOTE_USER".

I am not sure, it will be enough for you. Dieter