User Authentication in Pyramid

Pyramid has a much more flexible authentication system. And yes, if you want something simple like Django's user/group/permission concept, then flexible might be scary.

Pyramid does not have a "User" object, as it makes no assumptions about how you store your data or what ORM you use, therefore there isn't something for you like contrib.auth. You will need to hash/salt the passwords yourself using a library such as cryptacular or passlib, both found on PYPI.

As far as wanting user/group/permissions within Pyramid's system, this is achievable pretty simply by defining a RootFactory that has an __acl__ that maps groups to permissions. Permissions are assigned to views, thus are pretty static usually. If you'd like the groups (what Pyramid calls "principals") to be dynamic that is also achievable.

I'd suggest looking at the Pyramid wiki2 tutorial, as well as the shootout demo.

There are also a couple third-party packages for assisting with authorization within Pyramid if you plan to be using SQLAlchemy. apex is a more full stack solution, and ziggurat_foundations is a lower-level layer above SQLAlchemy to help you set up users and groups for your application.

Your question is fairly high level and authorization is a "hard problem", so I'll stop here and avoid regurgitating the tutorials and resources that already exist from the Pyramid tutorials to several third-party examples. If you have any specific questions please feel free to ask those in another question.