So I tend to view problems from the Apache viewpoint. ACLs in Apache can be pretty much handled how you want, and there are loads of mod_auth_* mechanisms for tying in external authentication services.
eg you could do it by spitting out .htaccess, AuthUser and AuthGroup files from a configuration database.
If you ever wanted to get down to individual file level, there's always the <Files> directive.
--
simon
|