I think the AuthUserFile directive only works with absolute paths. Also, I think the last line should be Require valid-user, i.e. starting with a capital letter.
But setting up password protected directories is notoriously finicky if you do it by hand. I would suggest to use the Protected Directories feature in the client area (it’s better than the Directory Privacy tool in the control panel) to set it up instead.
Thanks,
As suggested I dumped trying to do it by hand and used Protected Directories from the control panel which is so much simpler if less rewarding.