In a file called access.conf you have somethink like this:
# /home/httpd/cgi-bin should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
<Directory /home/httpd/cgi-bin>
AllowOverride None
Options ExecCGI
</Directory>
Let's change
AllowOverride None to AllowOverride All
The folders does not have to be chmoded to a certain mode to create password protection.
You can find access.conf by typing whereis access.conf (usually is in /etc/httpd/conf or something similar)