s/key authentication for Apache on FreeBSD?

Brett Glass brett at lariat.org
Wed Dec 10 11:05:49 PST 2003


I'm constructing a Web server which may require restricted areas
of the site to be used from public places where a password might
be sniffed. The damage that could be done by taking snapshots of 
the content from one session with a spy program is minimal. What
the owner of the server does NOT want, though, is to allow unauthorized
parties to gain unfettered access by stealing the password via
a key sniffer.

After considering the readily available alternatives, I'd like to
try using s/key one-time passwords with "basic" authentication (which 
works on most browsers). But how do I lash Apache and s/key together
under FreeBSD, and get Apache to require s/key passwords from all
IP addresses outside the owner's home network? (Apache doesn't have
a mod_auth_skey module, so I'd probably have to cobble this together
with mod_perl -- or via PAM, with which I have virtually no experience.)
All suggestions as to the most efficient way to construct a solution
will be most welcome.

--Brett Glass
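
The check that any glue between Apache and a one-time-password scheme (a mod_perl handler or a PAM module) would have to perform, as an added example that is not part of the original post. It is a simplified S/Key-style hash chain: SHA-256 truncated to 64 bits stands in for S/Key's own hash, so it is not compatible with FreeBSD's s/key tools, and `HOME_NET` and all function and class names are assumptions.

```python
import hashlib
import hmac
import ipaddress

# Constructed placeholder for the owner's home network (documentation range).
HOME_NET = ipaddress.ip_network("192.0.2.0/24")


def step(value: bytes) -> bytes:
    """One chain step: SHA-256 cut to 64 bits (stand-in for S/Key's folded hash)."""
    return hashlib.sha256(value).digest()[:8]


def otp(secret: bytes, seed: bytes, n: int) -> str:
    """Client side: the n-th password is step() applied n times to seed+secret."""
    value = seed + secret
    for _ in range(n):
        value = step(value)
    return value.hex()


def otp_required(client_ip: str) -> bool:
    """Require a one-time password for every address outside the home network."""
    return ipaddress.ip_address(client_ip) not in HOME_NET


class ChainEntry:
    """Server-side record: holds only the last accepted password, never the secret."""

    def __init__(self, enrolled_otp: str, count: int):
        self.last = bytes.fromhex(enrolled_otp)
        self.count = count

    def verify(self, submitted: str) -> bool:
        if self.count <= 1:          # next value would be the secret itself: re-enroll
            return False
        try:
            candidate = bytes.fromhex(submitted)
        except ValueError:           # password field was not valid hex
            return False
        if not hmac.compare_digest(step(candidate), self.last):
            return False
        self.last = candidate        # a sniffed password is now useless
        self.count -= 1
        return True
```

The submitted value would arrive in the password field of the "basic" authentication header; because the server advances the chain on every success, a captured password fails on replay.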




More information about the freebsd-security mailing list