I see two recent threads in this regard:
http://lists.radiantcms.org/pipermail/radiant/2007-January/002879.html
http://lists.radiantcms.org/pipermail/radiant/2007-May/004880.html
The recommendation in the first thread is to use Apache .htaccess. What
I cannot
understand, and what wasn’t resolved, is that .htaccess resides in a
filesystem, whereas
the pages served up by Radiant are virtual.
Am I mistaken?
What I’d like to do is to have the main page being public, and a subtree
of
the site being password protected.
I suppose a compromise would be to have the password protected site
being
a separate tree altogether 
Hmm… I suppose this might be possible with:
http://dev.radiantcms.org/radiant/wiki/HowToHostMultipleWebsites
Using this and Apache mod_proxy, it might be simpler to have:
Site Root
|
And maybe somehow convince Apache to password protect the 2nd site.
Earl