Is there a way to require a htaccess login only for a specific domain? I'm using Drupal and it is set up as a multisite installation but only one site is supposed to be protected.
You can do that using the Secure Site module: http://drupal.org/project/securesite
It allows you to protect a site using HTTP basic authorization. The usernames and passwords will be from the Drupal users table, rather than a separate htpassword file.
In Apache configuration (either htaccess or httpd.conf) the AuthType is always tied to the directory. I don't think you can tie the authorization to named virtual host just with Apache configuration.