The AuthBasicProvider directive sets which provider is used to authenticate the users for this location. Setting the value to On will choose the default provider (file). Since the file provider is implemented by the mod_authn_file module, you have to make sure, that the module is present in the server.

See mod_authn_dbm and mod_authn_file for providers.

The value Off clears the provider list and sets it back to the default.

Setting the AuthBasicAuthoritative directive explicitly to Off allows for both authentication and authorization to be passed on to lower level modules (as defined in the modules.c files) if there is no userID or rule matching the supplied userID. If there is a userID and/or rule specified, the usual password and access checks will be applied and a failure will give an "Authentication Required" reply.

So if a userID appears in the database of more than one module; or if a valid Require directive applies to more than one module; then the first module will verify the credentials; and no access is passed on; regardless of the AuthBasicAuthoritative setting.

By default control is not passed on and an unknown userID or rule will result in an "Authentication Required" reply. Not setting it thus keeps the system secure and forces an NCSA compliant behaviour.