.htaccess, .htpasswd, .htgroup
==============================

I only use one .htpasswd file & one .htgroup file for any given site. I 
create a ht dir in my $Home dir. Then I use pwd command to find the path 
to the .htpasswd file & .htgroup file for AuthUserFile & AuthGroupFile 
paths for the .htaccess files.

The crypt() function in some machines don't always work correctly all the 
time for HTTP specfied basic authentication (htpasswd -c /ht/.htpasswd). 
The easiest way around that problem is using a Password Generator. There 
are some sites that have a page with Password Generator script.
Here are a few:
http://www.inch.com/info/tech/HOWTOS/htaccess/htpasswd.html
http://www.xs4all.nl/%7Eremcovz/htpasswd.html
http://www.euronet.nl/%7Earnow/htpasswd/

Then I just create .htpasswd file with a ASCII editor (I like pico) and 
paste the username:cryptpassword in the file. I save it in the ht dir I 
created earlier.

pumpkin:NgFQ1vnnW/tJk
radish:mWaquohh.OY3w
john:EMt8amgnyuYD2

This way is also a easy way of maintaining your passwords.

Then I create the .htgroup file with a ASCII editor (I like pico) in the 
ht dir I created earlier.

admin:john
friends:pumpkin radish

Then I save that to my ht dir that I created earlier.

Then whatever dir I want to protect, I create an .htaccess file:

AuthUserFile /testinggroup/ag/a/atest/ht/.htpasswd
AuthGroupFile /testinggroup/ag/a/atest/ht/.htgroup
AuthName "Testing Auth"
AuthType Basic
<Limit GET>
require group  admin
</Limit>

Then I save that file to the dir/s that I want to protect.

Notes:
Having only one .htpasswd file makes life much easier. That is specially 
true when using .htgroup file and having more than one protected dirs for 
different users.

Plus this setup has security to the usernames & passwords.
1. For having .htpasswd & .htgroup files outside of the web access dir, 
adds protection to these files beyond Apache server ht protection.
2. Using .htgroup file adds protection in the way that you don't put the 
username in the .htaccess files.
Remember if one knows the username, then that makes their work easier in 
tryingto hack in.

PS - The paths I used here are fictional for general info only.

----------------------------------------------------------------------------

AuthUserFile /arpa/ns/Letter/member/html/.htpasswd
AuthName "pass?"
AuthType Basic
require valid-user
AddType text/x-server-parsed-html .html
AddType application/x-httpd-cgi   .cgi

try this should work with membername.freeshell.org