From Apache v1.3 on, filenames are relative to the server root unless they are absolute. A filename is taken as absolute if it starts with "/" or, on Win32, if it starts with "drive :/". It seems sensible to us to write them in absolute form to prevent misunderstandings. The directives are as follows.
AuthType type Directory, .htaccess
AuthType specifies the type of authorization control. Until recently, Basic was the only possible type, but Apache 1.1 introduced Digest, which uses an MD5 digest and a shared secret. As far as we know, no browser yet supports it.
If the directive AuthType is used, we must also use AuthName, AuthGroupFile, and AuthUserFile.
AuthName auth-realm Directory, .htaccess
AuthName gives the name of the realm in which the users' names and passwords are valid. If the name of the realm includes spaces, you will need to surround it with quotation marks:
AuthName "Jack and Jill"
AuthGroupFile filename Directory, .htaccess
AuthGroupFile has nothing to do with the Group webgroup directive at the top of the Config file. It gives the name of another file that contains group names and their members:
cleaners: daphne sonia directors: bill ben
We put this into ... /ok_users/groups and set AuthGroupFile to match. The AuthGroupFile directive has no effect unless the require directive is suitably set.
AuthUserFile is a file of ...