That's a combination that may be hard to work with. The last project that I used authentication and Apache together initially used .htaccess files, but we scrapped that in favor of cookie checking code in all pages where users are supposed to be logged in. Here's a simple overview of how it worked:

Requests to index page were redirected to an SSL page that had a form for username/password entry. A successful username/password entry caused an entry with a generated session ID to be made in an Oracle database, and a cookie was sent back to the browser with the session ID. Once the username and password were authenticated, the user was redirected back to the "logged in" index page. All pages that required a user to be logged in had a bit of code included at the very top that checked the session ID and verified through the DB that the user was logged in. If the cookie was missing, or the user was not listed in the DB, the user was redirected back to the login page.
Not exactly the best of solutions as far as scalability and speed goes, but it might be a good starting point.

Guildenstern
Negaterd character class uber alles!