He needs declarative role based authorization and authentication for his web site -- and maybe fault tolerance too depending on the price of the hardware for a linux server.
These are two separate things.
Authen/Authz can be implemented any way you like on mod_perl. It does not impose an application structure. If you want an already built implementation, you could look at some of the many auth modules on CPAN or at OpenInteract which includes a user/group security model.
For the CPAN list, start here: http://www.cpan.org/modules/00modlist.long.html#ID15_WorldWideW and look at the PerlAuthenHandler and PerlAuthzHandler modules.
For failover, the question is what are you failing over? Any old load-balancer will give you failover between machines. Failing over your data is a matter of how you implement your application. I believe JBoss fails over session data. You get the same result with mod_perl if you store your session data in a database, using something like Apache::Session.
Also, what are your favorite hardware vendors for linux clusters?
Red Hat sells a software failover system that you can use, but most people just use a load-balancing switch like big/ip for this. No special hardware or software is required for that.
- Perrin