Ok, I'll admit it, I'm baffled. The plethora of objects (realm, avatar, checker, mind) in twisted.cred has me stumped, even more so when it comes to restricting a portion of a Nevow website. What I'd like to do is check passwords (supplied in an HTTP Basic auth manner) out to the Cyrus SASLauthd unix socket. class saslauthd(protocol.Protocol): # code to talk to saslauthd via unix socket # and binary protocol goes here... def authenticate(self, username, password): d = defer.Deferred() self.queue(username, password, d) return d ...however, though I can monkey-copy the code for something like guarded.py in examples/ I don't really understand it, which is a recipie for distaster, much less extend it with (I think?) my own checker; and the examples all use nevow.guard which appears to be cookie based. Can anyone provide a simple explanation of what I'd need to do to a page to make it and its children require HTTP basic auth, which is handled via my own auth function/class?