See Apache.org’s Authentication, Authorization and Access Control page (for the 2.0 version): http://httpd.apache.org/docs/2.0/howto/auth.html
Creation and location of the password file: the htpasswd utility
Assignment: Use htpasswd to create a password file.
Select a secure location.
Create the first user.
Create a subsequent user.
Configuring the server to request a password and authenticate the user:
Note that you can do this in a .htaccess file OR in a Directory container!AuthType Basic
AuthName “Restricted_Realm_Name“
AuthUserFile /usr/sbin/apache/passwd/passwords
Require user User_NameSimilarly, requiring group membership:
AuthType Basic
AuthName “Restricted_Realm_Name“
AuthUserFile /usr/sbin/apache/passwd/passwords
AuthGroupFile /usr/sbin/apache/passwd/groups
Require group Group_Name
Allowing Authentication in Directory Containers: Just use the Directives above!
Allowing Authentication in .htaccess files:
AllowOverride AuthConfig
Assignment: Set up a secure directory using an .htaccess file.
First, require a user name and password.
Next, modify the configuration to allow only one host access without a password. Other users must be required to supply a password.
For the next iteration, require both.
Next, allow GET but deny POST.
Finally, eliminate support for .htaccess files, but secure one directory in the web filesystem.
The Apache.org .htaccess Tutorial
A good article from ApacheWeek.com: Using User Authentication