REMOTE_USER authentication can be achieved via a WordPress plugin: http://dev.wp-plugins.org/browser/http-authentication/trunk/ It uses the WordPress user database, though, meaning you still create users in WordPress. If this is unacceptable for integration with Zope, I suggest looking at the "pluggable" functions: http://codex.wordpress.org/Pluggable_Functions Less editing of upstream source. :)
It's quite possible that there won't be much modification needed. wp-config.php in particular has to be added, because a number of files reference that filename in particular. However, extra plugins don't have to be in the Wordpress tree in particular. I haven't looked at how they are activated (maybe in wp-config.php itself?), but hopefully that process would be flexible enough for what we need. The get_user* and auth_redirect functions are mostly what we'd want to override, and they are both pluggable.
I suppose what we want to do is not very different from what wordpress.org does itself, to support fully automated installs.# Ian Bicking