HTTP based authorization requests a user name and password from the user and compares them against a htpasswd file, in the form used by Apache and other web servers.

(detailed instructions pending)

Note: To make this work when PHP is run in CGI mode, you need to add the following rewrite rule to your htaccess file:

 RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

Otherwise, the HTTP_AUTH_USER and HTTP_AUTH_PW fields will not be available to PHP. The above appears to be sufficient at least with PHP 5.2, in earlier versions, you may need to add additional PHP code to extract the information from the HTTP_AUTHORIZATION into HTTP_AUTH_USER and HTTP_AUTH_PW, like this:

  $ha = base64_decode( substr($_SERVER['HTTP_AUTHORIZATION'],6) );
  list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', $ha);

For more information, see the relevant page of the PHP manual and especially the comments relating to CGI mode.