Authenticate Users

I'm looking at putting a machine up that will mainly be a Subversion server. I will be having users/programmers get code from my machine and update code using Subversion through Apache.

I plan on having a few projects with every user having different rights to each project.

I know how I can do all this with Apache/Subversion, however I am curious of which is going to be the best way to have Apache/Subversion know about the users. (Side note I am also using SSL at the moment)

Will I need to add all users to /etc/passwd, could I use shadow, could I use pam?

They will not be allowed access to my machine through ssh/telnet/ftp at the moment, strictly through Apache/Subversion.

Has anybody done anything like this? Anybody have any ideas on the best way to authenticate users?

http//gentoo-wiki.com/HOWTO_Apache2_with_subversion_SVN_and_DAV

Shows how to setup Apache/Subversion to use Pam to authenticate users, however a down side to this is that Pam needs to be able to read /etc/shadow ... which I'm not a big fan of.

Is this what I'm going to have to end up doing?

ahhh, I've had to work with a similar problem before. I think this may do the trick for you
pam_pwdfile

just google for pam_pwdfile or pam_pwdfile.so and soon you'll be all set. this pam module will let you authenticate against any file, so you don't have to expose your /etc/shadow. If you need any help or hints setting up the pam.d configuration file let me know (that part took me an embarassingly large amount of trial and error).