I assume that you already have repoze.who working the way you want, configured via an Ini file or Python code. If not, please set it up first using the repoze.who manual and then come back to this guide.
Likewise, I also assume that you already have a PasteDeploy configuration file for your application. It’s not strictly necessary, but we’re going to use it in this HOWTO.
Three steps are required to test protected areas and authentication separately: