I wrote most of this twice, since my wiki editing model does not work well with MoinMoin.
Apparently, not touching the edited page for 8 hours, then clicking preview, and then having to re-authenticate via Pubcookie causes MoinMoin to become upset and throw away your changes, saying something about using the interactive interface.
Pubcookie's web site is http://www.pubcookie.org/.
Building Pubcookie
Typically seems to be a pain. It required a lot of Makefile hacking. It looks like configure was brain dead, and wasn't able to find /usr/share/apache2/build. Sigh...
I think it might be a good idea to see how Debian packages build Apache2 modules, and how they deal with apxs and the magic .mk files. Maybe that would give some insight into how to make the Pubcookie source behave better.
Setting up an Application Server
Our current pubcookie build lives in /afs/club/system/dest/@sys/local/pubcookie/003.
Copy it into the stow directory on the host of interest.
One or both of pubcookie-club.conf and pubcookie-andrew.conf (which are Apache configuration file fragments) will be needed. If the machine will only authenticate to one of club or andrew, the easiest thing to do is simply copy the appropriate configuration fragment into /etc/apache2/conf.d. Otherwise, copy both into /etc/apache2, and include the appropriate file in each virtual host definition.
mkdir -p /var/pubcookie/keys
chmod 700 /var/pubcookie/keys
Put an appropriate pubcookie configuration in /var/pubcookie/config.
Run keyclient to fetch a key from the keyserver.
To fetch an existing key (e.g. if a service is replicated or is being migrated):
/usr/local/pubcookie/keyclient -d
To have the keyserver generate a new key:
/usr/local/pubcookie/keyclient
You may additionally need to use the -H option if the virtual host name of the machine is different from its actual host name.
You will also need to fetch the granting certificate.
/usr/local/pubcookie/keyclient -G /var/pubcookie/keys/pubcookie_granting.crt
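A post-setup check for the steps above, as an added example that is not part of the original page or of Pubcookie itself: it verifies the key directory mode, the configuration file, and the granting certificate. It assumes keyclient writes the host key into /var/pubcookie/keys; the function name audit_pubcookie is hypothetical, and the per-file permission check is stricter than anything the page requires.

```shell
# Added example: audit the Pubcookie application-server layout.
# Usage: audit_pubcookie [base_dir]   (default: /var/pubcookie)
audit_pubcookie() {
    base=${1:-/var/pubcookie}
    keys=$base/keys
    cert=$keys/pubcookie_granting.crt
    findings=0
    fail() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # The key directory is created with chmod 700 in the steps above.
    if [ ! -d "$keys" ]; then
        fail "$keys is missing"
    else
        mode=$(ls -ld "$keys" | cut -c1-10)
        [ "$mode" = "drwx------" ] || fail "$keys is $mode, expected drwx------"
    fi

    # Pubcookie configuration and the granting certificate (keyclient -G).
    [ -s "$base/config" ] || fail "$base/config is missing or empty"
    [ -s "$cert" ] || fail "$cert is missing or empty"

    # Assumption: keyclient stores the host key in the same directory.
    hostkeys=0
    if [ -d "$keys" ]; then
        for f in "$keys"/*; do
            [ -f "$f" ] || continue
            [ "$f" = "$cert" ] && continue
            hostkeys=$((hostkeys + 1))
            # Stricter than the page: key files closed to group and other.
            fmode=$(ls -ld "$f" | cut -c5-10)
            [ "$fmode" = "------" ] || fail "$f is open to group/other ($fmode)"
        done
    fi
    [ "$hostkeys" -gt 0 ] || fail "no host key in $keys (run keyclient)"

    echo "$findings finding(s)"
    [ "$findings" -eq 0 ]
}
```

The function returns non-zero when anything is out of place, so it can gate a deployment script or run from cron after a key rotation.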
Setting up a Login Server
Michael, share your insight, for I do not know.