Rather happily, that's an awful lot easier than it sounds. A skeleton authentication handler looks like this:

 package Apache::AuthAny;
 # file: Apache/AuthAny.pm


 use strict;
 use Apache::Constants qw(:common);


 sub handler {
     my $r = shift;
 
     my($res, $sent_pw) = $r->get_basic_auth_pw;
     return $res if $res != OK; 


     my $user = $r->connection->user;
     unless($user and $sent_pw) {
         $r->note_basic_auth_failure;
         $r->log_reason("Both a username and password must be provided
+", $r->filename);
         return AUTH_REQUIRED;
     }


     return OK;     
 }


 1;
[download]

The Eagle book gives full details, and some of it seems to be online here:
http://modperl.com:9000/book/chapters/ch6.html
(found through random Googling).

hth, andye.

Here I am :)

Chapter 6 from Eagle Book describes what you need:

In this chapter, we step back to an earlier phase of the HTTP transaction, one in which Apache attempts to determine the identity of the person at the other end of the connection, and whether he or she is authorized to access the resource. Apache's APIs for authentication and authorization are straightforward yet powerful. You can implement simple password-based checking in just a few lines of code. With somewhat more effort, you can implement more sophisticated authentication systems, such as ones based on hardware tokens.

You can find a copy of this chapter here. mod_perl Developer's Cookbook provides some other examples on the same subject.

I understand your point about deadlines, I was talking about theory, real life is another story ;-)

Good luck for your project. Ciao, Valerio