Thanks for the reply fmerges,
A previous node (469478) I posted talks a bit about how I'm authenticating. I'm using CGI::Session to track state with cookies and accessing encrypted passwords via DBI.
I haven't looked into the Apache modules yet, but might track them down. There is always more than one way to do it, but is one of these methods more generally accepted as the way to do these things more than another?

Regards Paul