The best way to do all of these things is likely by proxying through a web server like Apache. Galaxy can be configured to use the user id provided by apache (REMOTE_USER) and to not allow creation of new accounts. Similarly, you can restrict access to certain addresses using apaches Allow/Deny rules.
See "External user authentication" here:
https://bitbucket.org/galaxy/galaxy-central/wiki/Config/ApacheProxy
Excerpts from Ben Passarelli's message of Thu Jan 13 19:15:05 +0000 2011:
Can Galaxy be restricted to specific users?
Can it be integrated with Kerberos authentication?
Can it be easily restricted to certain IP addresses or IP ranges?