man httpd makes it clear that the .htpasswd authentication does not apply
to subdirectories.
.htpasswd exists in the directory of the current request, bozohttpd will
restrict access to documents in that directory using the RFC 2617 HTTP
“Basic” authentication scheme.
Note: This does not recursively protect any sub-directories.
Now, if one writes a script to replicate .htpasswd down the subdirs, that
could have solved it. However now, most annoyingly, the browser would
popup the password dialogue when you try to go to subdirectory.
Has anyone come across this situation and how do you deal with it. I like
bozohttpd's minimalistic approach and would switch away from it only as a
last resort.
Mayuresh
