in RHEL4 by default .htaccess files are disabled, and this is a good thing. Enabling .htaccess files cause an unnecessary resource load on the server, even if .htaccess files are not used. It causes httpd to look for them for every request, and is unnecessary. Resource conscious users choose to do the same thing within the httpd.conf file for the virtual domain.
As an example, this in httpd.conf and not in a .htaccess
< Directory /home/domain/domain/html/folder>
AuthName "By Invitation Only"
Require user foo
doing so would require a httpd restart, but would be well worth it.
This is already possible for everything I can think of in Virtualmin, though I suspect resources for web services are not the major concern of most Virtualmin users (spam and AV filtering take the cake for CPU/memory hoggery). I can certainly imagine mass web-hosting environments, however, that might wish for this…we’re just not seeing those customers yet. Our customers right now are generally lower volume full-service hosts.
It just depends on what you’re after, but it’s worth noting that SVN and DAV access controls are already implemented in this way. So, the things that Virtualmin sets up during normal domain creation are done in your preferred way. If I’m not thinking of an area where this choice isn’t possible let me know and I’ll see about fixing it so you do have the choice.