On Sat, Apr 19, 2008 at 6:37 AM, Pam Astor <pamastor at hotmail.com> wrote: > OK I tried that and it still would not work, I am not prompted for > a username or password on the site I want to protect. > > Do I also need to add a new entry in httpd.conf or load a new apache > module? Not by default, no. There are several AllowOverrides statements in the default httpd.conf. Which did you modify? The one you wanted should be around line 327, looking like this: Options Indexes FollowSymLinks # # AllowOverride controls what directives may be placed in .htaccess files. # It can be "All", "None", or any combination of the keywords: # Options FileInfo AuthConfig Limit # AllowOverride None # # Controls who can get stuff from this server. # Order allow,deny Allow from all </Directory> Change the AllowOverride to AuthConfig, and that should be just about it. You don't want to use the AuthDBMType unless you're using htdbm instead of htpasswd to generate your password file lists. You also need to make sure that apache has access to the area where you're putting your .htaccess. If you're stuffing this in your home directory like it looks above, apache doesn't have permissions in here unless you've modified your homedir to 711 from 700. Selinux can also cause some issues in here as well if you have it enabled and haven't changed contexts. Without fully seeing the config that you're using and some info about the dir you're trying to restrict, it'll be a little harder to offer more help. -- During times of universal deceit, telling the truth becomes a revolutionary act. George Orwell