1) To create a .htaccess file:
First make a file called .htaccess in the directory you want to protect. In that file put
require user cormac
Replace [pathname] with where you decide yto put your .htpasswd file. You can put this anywhere you want. I would reccomend that you put it outside of the webserver root and subdirectories so that it cannot be accessed via the web. (ie put it in /home/stupid or somewhere else
Also replace cormac with whatever user you want.
2) Next at a prompt type
htpasswd -c [pathname]/.htpasswd cormac
You will then be prompted for the password.
Once again replace pathname from above and cormac with a user
When you test it, if it doesn't ask you for authentication check that you are allowing htaccess to overide the permissions in httpd.conf.