Anyone with Apache/SSL experience care to lend a helping hand?

I've got Apache compiled with mod_ssl, and it seems to be working fine. In fact, I know that part is working fine. Where my trouble lies is with forcing it to look look for the userID/password to access the directory. It allows any conenction to view the page, without prompting for userID/PW. httpd.conf points traffic for hermes.manitobamall.net to /www/htdocs/manitobamall/.

Looked around for everything I could find on the 'Net, and tried all variations of examples, still the same. ____________________

/www/htdocs/test/.htaccess:

AuthUserFile /www/pw/.file-password AuthGroupFile /dev/null AuthName "TestPage" AuthType Basic

<Limit GET POST PUT> require user test </Limit>

___________________

/www/pw/.filepassword:

test: 38sqpB6MNb7BA