For single sign on there is also CAS (Central Authentication Service).
We're sucessfully using this in our Zope2 apps. It has plugin for PAS
in Zope2 (CAS4PAS). CAS also works with other systems - plugins for
java, php and other exists.
Important thing here is to distinguish between authentication and
authorization. For example SSO like CAS can only tell you if your
user is authenticated. It won't tell you if he has some permissions
and/or roles to do something. But with PAS you can write another plugin
that will set proper roles for user etc.
Zope3-users mailing list