How can I set-up a virtual site that can only be viewed by users of that virtual site?
Ok, I tinkered a bit on my own RaQ 4. If you want to use the existing passwords, it becomes fairly easy.
I do notice a couple of second delay in the user authorization using this method rather than the standalone password file in my howto.
Also, it's b-a-d to have the users sending their actual passwords around via HTTP (another reason a separate password file is a good idea, but is more of a hassle to keep up to date). If your user list won't be changing much, I'd recommend making a standalone .htpasswd file and using the method in my howto.
But for PAM authentication, all your .htaccess has to have in it is: AuthPAM_Enabled on AuthName "Extranet" AuthType Basic Order allow,deny Allow from all <Limit GET POST> require group siteX </Limit> where siteX is "home" "site1" etc (group that owns the virtual site).