doc/customizing.txt says in section
   Using an external password validation source
that one should hook its own password authentication
into roundup like this:

    class Client(client.Client):
        actions = client.Client.actions + (
            ('login', ExternalPasswordLoginAction)
        )

I tried that and found that my own code wasn't
invoked at all. After changing instance.py as follows
it worked:

    actions = ( ( 'login', ExternalPasswordLoginAction
), ) + \
        client.Client.actions

Is the documentation perhaps outdated here?