jdMorgan - 1:44 pm on Jul 12, 2011 (gmt 0)
The basic problem is that mod_auth always runs before mod_rewrite, so you're going to get two auth requests (no matter what) if the hostname is incorrect and all domains are mapped to the same server filespace.
The best approach is to always link (on your site) only to the correct/canonical hostname, redirect all non-canonical requests that you can, and then "just live with it" if people are trying to log in using the non-canonical hostname.
Otherwise, you may want to consider implementing your own auth scheme, but that may be a bigger project than it's worth...
Alternately, if you have server-level config access, then you could map the canonical domain to the "normal" filespace, but map all non-canonical requests to a "special" filespace. In this special filespace, authentication/authorization can be disable, and all requests can be redirected back to the canonical domain. It is possible that you may be able to do this using the "add-on domain" feature of some control panels, but it's usually easier and much more straightforward at the server config level.
Hopefully, one or more of these ideas will help...