Problems with security

1. How do I set up Apache to require a username and password to access certain documents?

See the Apache-FAQ for the best possible answer to this question. Apache-FAQ.

2. I really don't understand the "satisfy" directive how does it work?

Essentially all that satisfy does is implement an access rule which determines whether a client will be given access to a given portion of a site. You can implement it with a set of rules and require that "one" or "all" of several rules be satisfied before access is allowed. Here's the example from the Apache-FAQ:

deny from all
allow from .gooddomain.com
AuthType Basic
AuthUserFile /usr/local/apache/conf/htpasswd.users AuthName "special directory"
require valid-user
satisfy any

3. I have authentication rules setup but the server gives me an error. What gives?

Make sure that all of the authentication modules your are using are properly configured. When they're not you get an error instead of access denied.