package My::Apache::UserCache;
use strict;
use My::User;
require Exporter;
our @ISA = qw(Exporter);
our @EXPORT_OK = qw(get_pass get_groups);
use constant CACHE_TIMEOUT => 60; # seconds

my %cache = ();

sub fill_cache {
  my $user = shift;
  my $now = time;
  my ($password,@groups) = My::User->get_pw_groups( $user ); # hits DB
  ... other checks ...
  $cache{$user} = { timestamp => $now,
                    password => $password,
                    groups => [@groups] };
}
sub get_pass {
  my $user = shift;
  my $now = time;
  return $cache{$user}->{password} if $exists_and_hasnt_timed_out_etc;
  return undef unless fill_cache( $user );
  $cache{$user}->{password}; # get direct from cache
}
sub get_groups {
  # similar to above
}

##</code><code>##

package My::Apache::UserAuthen;
use strict;
use My::Apache::UserCache qw(get_pass);
...
sub handler {
  ... setup; get apache basic auth credentials; etc ...
  my $reason = authenticate( $user, $user_pw );
  ... log etc on failure..
  return OK;
}

sub authenticate {
  my ($user, $user_pw) = @_;
  ...
  my $db_pass = get_pass( $user );
  ... return messages based on match/mismatch/etc ...
  return '';
}