I would like to authenticate users who access files in mydomain/secure.

I have .htaccess and .htpasswd in the directoy.

/etc/apache2/httpd.conf is empty (never been touched since installation).

/etc/apache2/apache2.conf has this in it:

# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#

AccessFileName .htaccess

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ~ "^\.ht">
Order allow,deny
Deny from all
Satisfy all
</Files>

I have tried putting this in httpd.conf and restarting apache, to no effect:

<Directory /var/www>
Options Indexes Includes FollowSymLinks MultiViews
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>

What should I be doing?
Thanks
Tony