For the first part of your question you should put all the pages you wish to protect inside folders and use the .htaccess file to specify users. on my host which is running apache under Redhat I have a folder with administrative tools. Two files are used to set up the autorization for that folder they are as follows (paths changed of course):
<Limit GET POST>
Read up on .htaccess files for more info. I believe there is a way for it to use the /etc/passwd file for authentication but am unsure of the specifics.
For the second part of your question this node http://www.perlmonks.org/index.pl?node_id=107095 contains a peice of code that will tell you what information you can get from the %ENV hash.