This page is a slightly rewritten version of the article that appears at http://www.devshed.com/Server_Side/Administration/MoreApache/MoreApache2/print

Zoltan Milosevic's version is here:

http://www.xav.com/scripts/help/passwd.html

I've rewritten it and saved it on my site because it's great and I want to be able to refer to it easily in the future. I make no claims of authorship whatsoever.

You can add simple password protection to a directory using Apache's built-in password protection. Here's what you do:

1. Put a .htaccess file in the folder you want to protect.

Put a file named .htaccess in the directory you want to protect. Inside, this file should say this:

AuthType Basic
AuthName "Name of the file you are protecting"
AuthUserFile /usr/local/apache/users
require valid-user

The first line says that this is basic user name and password authentication. The second line will be displayed when you hit the directory with a browser. For example, in Netscape on Linux you will see "Enter user name for Name of the file you are protecting at linux.mydomain.cxm." So if you are protecting something like "My Pictures," put that in AuthName and it will read

Enter user name for My Pictures at linux.mydomain.cxm.

The AuthUserFile directive specifies the location for the file containing a list of authorized users, together with their passwords. This file should *always* be placed outside the Web server root, in an area not accessible to a browser; if this is not done, anyone can download the file and view the information in it. Be careful - the example above is for a FILE called "users" in a DIRECTORY called "apache."

Finally, the "require valid-user" statement specifies the kinds of users that have access to this directory - in this case, it means that all valid users (read: users listed in the authorization file) have the ability to view the contents of the directory. You could further restrict the number of people allowed access by specifying user or group names - for example, the statement "require user joe beth" would only allow users "joe" and "beth" access to this area.

2. Change the httpd.conf file so that it will look for and process the file you just created.

Apache will only read the ".htaccess" file if it is configured to do so. In order to confirm this, open up your main Apache configuration file (on RedHat 7.2 it's /etc/httpd/conf/httpd.conf) and look for this:

#
# This controls which options the .htaccess files in directories can
# override. Can also be "All", or any combination of "Options", "FileInfo",
# "AuthConfig", and "Limit"
#

AllowOverride None

and change to:

AllowOverride All (in Apache 2.x make it AuthConfig instead of All)

for the directory you want to password protect.

<Directory "path/to/the/dir/you're/protecting">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all

</Directory>

Be careful because this line appears two times, first for a global setting. Leave that at "None." The AllowOverride All (AuthConfig) directive tells the server that global configuration parameters can be overridden by local ones - the parameters in the per-directory ".htaccess" file. Just override it for the directory you want to protect.

3. Make the password file

Apache comes with its own utility to create the password file - it's called "htpasswd". Switch to the directory specified in the AuthUserFile directive above, and run the "htpasswd" command to create a file containing authorized users - you might see something like this:

# htpasswd -c filename username
Adding password for username.
New password:
Re-type new password:

This will create the password file in the directory. For example, if you are in the directory /usr/local/apache/users and you type

# htpasswd -c /var/www/password/.htaccess-users glenn

then you will see a file named .htaccess-users inside the directory /var/www/password/. If you open it with a text editor, it will read

glenn:9DyNcHx.8JOp2

with the password after the colon in encrypted form.

You can add as many users as you like using the method above (remember to omit the -c parameter, though, since that's only used when creating a file for the first time). You can see other command line options available at http://httpd.apache.org/docs/programs/htpasswd.html

4. Access the page

With everything in place, start up your browser and point it to the directory you just protected. The Web server should immediately pop up a dialog box asking for a username and password, and will only allow you to view the contents of the directory if you enter the correct values.
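
The check below is an added example, not part of the original article: a shell function that audits a directory set up with steps 1 to 3, mainly that the AuthUserFile sits outside the Web server root. The name audit_htaccess and the temporary directory layout are constructed for illustration, and paths containing spaces are not handled.

```shell
#!/bin/sh
# audit_htaccess DOCROOT HTACCESS: check a .htaccess set up as in steps 1-3.
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_htaccess() {
    docroot=$(cd "$1" 2>/dev/null && pwd -P) || { echo "FAIL: bad document root"; return 1; }
    rc=0
    # Directive names are case-insensitive in Apache, so match with -i.
    grep -qi '^[[:space:]]*AuthType[[:space:]][[:space:]]*Basic' "$2" ||
        { echo "FAIL: AuthType Basic missing"; rc=1; }
    grep -qi '^[[:space:]]*require[[:space:]]' "$2" ||
        { echo "FAIL: no require line"; rc=1; }
    pwfile=$(awk 'tolower($1) == "authuserfile" { gsub(/"/, "", $2); print $2; exit }' "$2")
    case $pwfile in
        /*) ;;
        *)  echo "FAIL: AuthUserFile missing or not an absolute path"; return 1 ;;
    esac
    pwdir=$(cd "$(dirname "$pwfile")" 2>/dev/null && pwd -P) ||
        { echo "FAIL: directory of $pwfile does not exist"; return 1; }
    # The article's rule: the password file must not be reachable by a browser.
    case "$pwdir/" in
        "$docroot/"*) echo "FAIL: $pwfile is inside the document root"; rc=1 ;;
    esac
    # htpasswd writes one "username:hash" entry per line.
    if [ ! -s "$pwfile" ]; then
        echo "FAIL: $pwfile is missing or empty"; rc=1
    elif ! awk -F: 'NF < 2 || $1 == "" || $2 == "" { bad = 1 } END { exit bad + 0 }' "$pwfile"; then
        echo "FAIL: malformed entry in $pwfile"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $2"
    return "$rc"
}

# Constructed sample: a temporary tree standing in for a real server layout.
demo() {
    t=$(mktemp -d) && mkdir -p "$t/htdocs/private" "$t/auth"
    echo 'glenn:9DyNcHx.8JOp2' > "$t/auth/users"    # entry format shown in step 3
    cp "$t/auth/users" "$t/htdocs/private/users"
    # First pass: password file outside the root. Second pass: inside it.
    for pw in "$t/auth/users" "$t/htdocs/private/users"; do
        printf 'AuthType Basic\nAuthName "My Pictures"\nAuthUserFile %s\nrequire valid-user\n' \
            "$pw" > "$t/htdocs/private/.htaccess"
        audit_htaccess "$t/htdocs" "$t/htdocs/private/.htaccess" || true
    done
    rm -rf "$t"
}
demo
```

On a real server, pass the document root from httpd.conf and the path of the .htaccess file you created in step 1.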