I'm having difficulty getting apache to require authentication using .htaccess for a virtual host with the directory any deeper than one level.

Setup: Apache SuExec, FastCGI

.htaccess 'require valid-user' works fine on the top level directory. (I get a password prompt when the relevant lines are in .htaccess)

.htaccess 'require valid-user' breaks in the 2nd level directory, but when I remove the 'require valid-user' line, I can access the proper files under the 2nd level directory just fine.. So I know it's reading the .htaccess file...

I'm also not seeing any errors in the apache logs... owner of all files and directories is the proper user, and they are mode: 755


.htaccess of the top level directory:
<<
# For security reasons, Option followsymlinks cannot be overridden.
#Options +FollowSymlinks
Options +SymLinksIfOwnerMatch
RewriteEngine On
RewriteBase /

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]

# THIS WORKS
AuthType Basic
AuthName "realm"
AuthUserFile "PATH-TO-HTPASSWD-IN-2ND-LEVEL-DIR/.htpasswd"
require valid-user
>>


.htaccess of the 2nd level directory:
<<
# THIS DOESN'T WORK, I'M NEVER PROMPTED FOR A PASSWORD
AuthType Basic
AuthName "realm"
AuthUserFile "PATH-TO-HTPASSWD-IN-2ND-LEVEL-DIR/.htpasswd"
require valid-user
>>


Any ideas? TIA