Security

According to Apache documentation at http://httpd.apache.org/docs/2.0/howto/htaccess.html, .htaccess file is a "distributed configuration file" which is used and accessed on a per-directory basis. Please also note in the same context that "In general, you should never use .htaccess files unless you don't have access to the main server configuration file."

There is a tutorial at http://hoohoo.ncsa.uiuc.edu/docs/tutorials/user.html which shows how to use AuthUserFile and AuthGroupFile, if that helps.

If you can set up one .htaccess file per directory or domain, you can have also have multiple AuthUserFiles in the system.

If the administrators access the directories from inside your LAN, you can set up a second virtual host for the directory and link it to another internal IP address. When you define the <directory> entry for the virtual hosts, you can include the AuthUserFile directive there, instead of using the .htaccess file.

Therefore ordinary users accessing the domain from outside the LAN using one internal IP address would be authenticated against one set of usernames in the file specified in the AuthUserFile entry and the administrators accessing the domain from inside the LAN using the second internal IP address would be authenticated against another set of usernames in the text file specified in the AuthUserFile entry in their <directory> settings.

I have not tested it but you may be able to get away with setting up the AuthUserFile for the administrators in <Directory "/var/www/html"> if the other users have access only to subdirectories under the document root.