I would like to maintain a list of password protected directories outside of the apache conf files. My thoughts are to write a PerlAccessHandler which will use $r->add_config to set the authorization requirements.
Is this a sound approach? Would another phase such as PostReadRequest or HeaderParser be more apropos? On a related note. I have chosen to use auth-digest (ala Apache-AuthenHook thanks Geoff) because I believe it is clean design to use the auth facility. Having implemented basic authorization and handling logout and form-based logins, I feel comfortable with this method. But if I am missing something, I would really like to know it ;)