The actual fact of the matter is that Authkit is, at best, deprecated. My own opinion is that, if you have a good grasp of how auth ought to work, you can implement a roll-yer-own system in less time than it takes to integrate Authkit, and it will be more suited to your needs.

Let us consider the situation: You require a user model in any event — something to keep track of which user is which. (And may I take a moment to recommend the use of bcrypt for secure password storage?) You require some mechanism of keeping track of which user is logged in; the Pylons session will do nicely for this. You require a login/logout controller, which technically is not needed for the most basic Authkit setup, but which you will want to have if you want your login/logout pages to look like the rest of your site. And finally, you require some function, possibly a decorator, which lets you mark certain actions as requiring a logged-in user or a particular kind of logged-in user. These are pretty simple to write; you may wish to consult the Advanced Homegrown Auth article at the Pylons Cookbook wiki if you run into difficulty.