well that is also easy with Debian (Etch or Lenny):

• lighty-enable-mod auth
  ( non debian users might just add this to their lighty config:
  server.modules                += ( "mod_auth" )
  )
• add this to your lighttpd configuration, somewhere inside of your "$SERVER["socket"] == {}" part
  (update the paths according to your configuration!) 
  
    auth.backend = "htpasswd"
    auth.backend.htpasswd.userfile = "/etc/lighttpd/htpasswd"
    auth.require = ( "/" =>
                 (
                   "method"  => "basic",
                   "realm"   => "auth login only",
                   "require" => "valid-user"
                 )
                 )
  ( in /etc/lighttpd/conf-enabled/05-auth.conf you could also see a few examples )
  If you have more then one user in your htpasswd file and want grant access only for a specific user, change the "require" line like this:
  "require" => "user=username"
  auth.require = ( "/" =>
  this "/" is the relative path, might also be "/phpmyadmin" or "/secret"
   
• /etc/init.d/lighttpd force-reload

if you miss htpasswd cli tool, install apache2-utils via aptitude:

• aptitude install apache2-utils