Once you've configured Zope and Pubcookie, you'll need to make a few small changes to Plone itself to fix some URLs and to not allow searches on member names.
You will need to disable the login portlet and "Join" links. Instead, provide a link to the login CGI. You can do this by making the link point to the expression:
but only if the user isn't already logged in. You also need to suppress the logout link.
There are other places where the login box can appear (if you connect to a protected page, for example) so a more complete solution would be to make sure Plone sends you to the login URL whenever it feels the user needs to authenticate, and to show an Access Denied page if the user is already logged in but does not have access to the requested page.
You will want to remove the password field in the user administration form.
By default, Plone's member search will return users who have logged in. Since this proxy bypasses the Plone login page, most users will have never logged in. You can remove these fields from the search form.