As far as i remember its like that:
- add "AllowOverride AuthConfig" to your server configuration
- create a password file with "htpasswd -c /usr/local/apache/passwd/passwords myuser"
- put something like this in your .htaccess file:
AuthName "Restricted Files"
Require user myuser
as usual: no responsibility is taken for the correctness of this information