Thanks, Geert.
I found a simple way forward by moving outside of Trac to Apache, since the authentication method I am using actually belongs to Apache.
The starting point is here: http://www.perlmonks.org/?node_id=178482
Many thanks to greenFox.
I made 3 modifications. First, I changed the value of my %settings (htpasswd) to the specific name of the project's password file.
Second, instead of using
$settings{user} = $ENV{REMOTE_USER};
I created a new field "user_id" and used $data{user_id} instead in the rest of the script. This means that the user does not have to be logged in to use the script -- all data used by the script comes directly from the user interacting with the script. (I was forced this way by my inability to run this script from a logged-in Trac session. The failure mode was kind of funny to see.)
Third, I was able to make the CGI textfield not "sticky" without putting debris into the user_id textfield by adding "-override => 1" to the "old_passwd" cgi->password_field and changing the -value => '' (meaning empty string) to 'Password', which means that the user_id and old_passwd are cleared every time the form is displayed to the user. Someone using that PC and browser later is not rewarded with any information from the last use of the form.
Other than enabling CGI, all I had to do was download and install Crypt-PasswdMD5 and Apache-Htpasswd.
I do not normally program in Perl, but I was able to look up everything and get this working in an afternoon.
Hope this helps someone else.
Bill
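
An added example, not part of the post above and not greenFox's script: a CGI password-change handler in which the user name comes from a `user_id` form field instead of `REMOTE_USER`, so the old password is the only proof of identity and is checked before anything is written. The password file path, the `new_passwd`/`new_passwd2` field names, the user-name pattern and the `UseMD5` choice are assumptions.

```perl
#!/usr/bin/perl
# Added illustration; the path and the new_passwd* field names are assumptions.
use strict;
use warnings;
use CGI;
use Apache::Htpasswd;

my %settings = (htpasswd => '/path/to/project.htpasswd');   # placeholder path
my $cgi = CGI->new;
my %data;
$data{$_} = scalar($cgi->param($_)) // ''
    for qw(user_id old_passwd new_passwd new_passwd2);

sub change_password {
    my %d = @_;
    # user_id is attacker-controlled input now: restrict it to a strict
    # pattern so it cannot carry ':' or newlines into the htpasswd file.
    return 'Invalid user name.'
        unless $d{user_id} =~ /\A[A-Za-z0-9._-]{1,64}\z/;
    return 'New passwords do not match or are empty.'
        unless length($d{new_passwd}) && $d{new_passwd} eq $d{new_passwd2};
    my $ht = Apache::Htpasswd->new({ passwdFile => $settings{htpasswd},
                                     UseMD5     => 1 });
    # Same message for unknown user and wrong password, so the form does
    # not reveal which account names exist.
    return 'User name or old password is incorrect.'
        unless $ht->htCheckPassword($d{user_id}, $d{old_passwd});
    return $ht->htpasswd($d{user_id}, $d{new_passwd}, $d{old_passwd})
        ? 'Password changed.' : 'Password change failed.';
}

print $cgi->header(-type => 'text/html', -charset => 'utf-8'),
      $cgi->start_html('Change password');
# Only fixed strings are printed back; submitted values are never echoed.
print $cgi->p(change_password(%data)) if $cgi->request_method eq 'POST';

# -override => 1 makes CGI.pm emit the given -value instead of the value
# just submitted, so no field is "sticky" when the form is redisplayed.
print $cgi->start_form(-method => 'POST'),
      'User: ',
      $cgi->textfield(-name => 'user_id', -value => '', -override => 1),
      ' Old password: ',
      $cgi->password_field(-name => 'old_passwd', -value => '', -override => 1),
      ' New password: ',
      $cgi->password_field(-name => 'new_passwd', -value => '', -override => 1),
      ' Repeat: ',
      $cgi->password_field(-name => 'new_passwd2', -value => '', -override => 1),
      $cgi->submit(-name => 'Change'),
      $cgi->end_form, $cgi->end_html;
```

Because this form is reachable without a login, rate limiting or lockout at the Apache level is worth adding in front of it.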