Firstly SSH into the relevant server the website is hosted on (vhost1 or 2)
cd into the relevant directory /www/vhosts/www.domain.com/whatever etc
Copy an existing .htaccess file into the directory via a command such as cp /www/vhosts/www.riscosnow.com/subscribers/.htaccess .
Edit the new .htaccess file and amend the pathname of the AuthUserFile and AuthName. The other lines stay the same. The passwd file should point to a passwd file inside the protected directory (it's encrypted anyway, so doesn't matter if people should find it).
Make sure the ownership is root, so that the customer can't edit it themselves.
Now edit the apache config file (/etc/httpd/conf/httpd.conf) and add the following line to the required domain virtual host.
AllowOverride AuthConfig
Restart Apache.
/etc/rc.d/init.d/httpd restart
All done!
Email user, pointing them to instructions at http://www.orpheusinternet.co.uk/support/web/