mod_auth_pam v. NIS

Okay, so as I mentioned I'm trying to get a Subversion repository working in a way that a) keeps the repository safely on an NFS-exported, mirrored set of drives, and b) does not require YAFPF. Today I've been banging my head against Apache2 + mod_auth_pam. The problem is that while passwords are successfully checked (hurray! one less FPF!), group membership is not. this does not work:

AuthPAM_Enabled on
AuthPAM_FallThrough on
AuthGROUP_Enabled on
AuthGROUP_FallThrough on
AuthType Basic
AuthGroupFile /etc/group
AuthName "secure area"
Require group subversion

(For one brief, spastic moment I thought Satisfy any was the missing magic. Then I tried it without typing in a password. Sigh.) We're using FreeBSD and NIS; from what I've been able to find so far, that might be problematic. OTOH, I might have the entirely wrong idea about PAM and its ability to check group membership.

UPDATE: Logical as it seems, AuthGroupFile has no place in the modern kitchen. Removing that directive allowed everything to work. Whee!