One of Plone's pillars is its security machinery which is heavily dependent on PAS and its plugins.
The most common use cases (e.g. managing users from external sources like LDAP/AD or a RDBMS, SSO on external services, transforming Plone objects into users or groups, ..) can be solved by just picking and configuring already existent plugins.
Everything looks awesome, until one day you find out that the bunch of heterogeneous plugins you put together performs, speed wise, very bad.
Why this happens? How can this be fixed?
This talk will analyze one project where things went bad and were successfully fixed to provide answers to these questions.