mod_auth_remote should be a quite useful Apache module for use with Zope (and potentially other systems). It authenticates off of a URL, like:
<Directory ~ "/stats/"> AuthType Basic AuthName Zope AuthRemoteServer localhost AuthRemotePort 80 AuthRemoteURL /admin/auth require valid-user </Directory>Then you won't be able to access /stats except with a valid login for /admin/auth (which you'd set up as a trivial resource that had the permissions you'd want to apply to /stats). Underneath mod_auth_remote does a second HTTP request using the authentication information you give. The code is very simple.
Unfortunately it's only written for Apache 2 right now, and I'm mostly using Apache 1.3. It should be easy to port -- it's only around 200 lines long -- but I'm not very experienced in that sort of thing.
It's backported to apache 1.3 now. It's sort of very alpha (just finished this morning) but should work for you.# Saju