Le Oops...   Thought I was logged in, try it again:

Have you considered providing authentication through /etc/apache/httpd.conf or /etc/apache/access.conf? I like it a bit better than .htaccess because it places all info in one place, instead of having .htaccess files throughout the directory structure. Works with /usr/bin/htpasswd just like .htaccess.

<Directory /var/www/private_html>
    <Files foo.bar>
        AuthName "Foo for Thought"
        AuthType Basic
        AuthUserFile /not/web/published/foo.htpasswd
        Require valid-user
    </Files>
</Directory>
[download]

    cheers,
    ybiC