How to use Apache authentication methods for NoAuth pages? (fastcgi and apache2 RT not respecting htaccess)

I have some NoAuth pages I’d like to use with htaccess/htpasswd-style
Apache authentication but NoAuth pages served by Request Tracker don’t
seem to respect my settings in Apache’s configuration.

Additionally, the pages themselves aren’t requesting a username and
password which I’d really like for a few of the NoAuth pages. This
allows us to give people different summary views of ticket data
through our own templates to present RequestTracker tickets to
internal groups. So that doesn’t work and neither do protections that
Apache applies to those files, letting remote users request the
.htpasswd and .htaccess files off the filesystem in spite of my
configuration in Apache.

For example, I have the following in my httpd.conf:

<Files ~ “^.ht”>
Order allow,deny
Deny from all

So I imagine this means RT’s fastcgi instance is taking over and these
requests aren’t actually going to Apache, but I do see them in
Apache’s log:

[20/Mar/2010:22:14:25 -0500] TLSv1 DHE-RSA-AES256-SHA
"GET /NoAuth/helpdesk/.htaccess HTTP/1.1" 15
[20/Mar/2010:22:35:52 -0500] TLSv1 DHE-RSA-AES256-SHA
"GET /NoAuth/helpdesk/.htaccess HTTP/1.1" 15

Any ideas on what is happening? I have no occurrence of AllowOverride
None in my httpd.conf.