Apache .htaccess trick to authenticate only once for all subdomains?
Not possible; you can use a single .htaccess file to grant access to anything in your directory tree with the same credentials, but authentication is required for each unique subdomain.
As Benny points out, you'll need session-based authentication in some form to accomplish this.
It is impossible to do such thing by http basic auth specs. Realms bob.example.com and elisa.example.com are two different protection spaces and almost every browser will treat them as 2 seperate,different realms to whom different authentification credentials should be suplied.
How ever, there is solution - HTTP digest auth . It allows you to specify all domains that are URLs in protection space. However, it does not allow wildcard subdomains, so after dozen of domains it gets quite a PITA. Example config .
<Location />
AuthType Digest
AuthName "teh realm"
AuthDigestAlgorithm MD5
AuthDigestDomain / http://domain.com/ http://subdomain.domain.com/
AuthDigestQop auth
AuthDigestProvider file
AuthUserFile /etc/apache2/.htpasswd-digest
</Location>
IMO, that your only choice is to write own FastCGI authenticator who users cookies, who allow wildcard subdomains . If you have few domains, its easier to stick with digest.