htpasswd is used to create and update the flat-files used to store usernames and passwords for basic authentication of HTTP users. Resources available from the Apache HTTP server can be restricted to just the users listed in the files created by htpasswd. This program can only manage usernames and passwords stored in a flat file.

To restrict access to certain HTTP resources, we need to create two files: .htaccess and .htpasswd (or equivalent per httpd.conf setting). The .htaccess file looks something like:

-- [.htaccess] file content begins --

AuthUserFile /location/of/.htpasswd
AuthName "Enter Password?"
AuthGroupFile /dev/null
AuthType Basic
require valid-user

-- [.htaccess] content ends --

Line 1 [AuthUserFile]: Location of .htpasswd file.
Line 2 [AuthGroupFile]: For multiple user names.
Line 3 [AuthName]: Title of the authentication message box that pops up.
Line 4 [AuthType]: The simplest authentication type.
Bottom 3 lines: A user who can access the limited resource.

The .htpasswd file can be generated using the htpasswd command as described below.

% htpasswd -c -m /path/to/.passwd {username}
New password: ******
Re-type new password: ******
Adding password for user {username}
Synopsis

htpasswd [ -c ] [ -m ] [ -D ] passwdfile username

htpasswd -b [ -c ] [ -m | -d | -p | -s ] [ -D ] passwdfile username password

htpasswd -n [ -m | -d | -s | -p ] username

htpasswd -nb [ -m | -d | -s | -p ] username password

Options

-b
Use batch mode; i.e., get the password from the command line rather than prompting for it. This option should be used with extreme care, since the password is clearly visible on the command line.

-c
Create the passwdfile. If passwdfile already exists, it is rewritten and truncated. This option cannot be combined with the -n option.

-n
Display the results on standard output rather than updating a file. This is useful for generating password records acceptable to Apache for inclusion in non-text data stores. This option changes the syntax of the command line since the passwdfile argument (usually the first one) is omitted. It cannot be combined with the -c option.

-m
Use MD5 encryption for passwords. On Windows, Netware, and TPF, this is the default.

-d
Use crypt() encryption for passwords. The default on all platforms but Windows, Netware, and TPF. Though possibly supported by htpasswd on all platforms, it is not supported by the httpd server on Windows, Netware and TPF.

-s
Use SHA encryption for passwords. Facilitates migration from/to Netscape servers using the LDAP Directory Interchange Format (ldif).

-p
Use plaintext passwords. Though htpasswd will support creation on all platforms, the httpd daemon will only accept plain text passwords on Windows, Netware, and TPF.

-D
Delete user. If the username exists in the specified htpasswd file, it will be deleted.

passwdfile

Name of the file to contain the user name and password. If -c is given, this file is created if it does not already exist, or rewritten and truncated if it does exist.

username

The username to create or update in passwdfile. If a username does not exist in this file, an entry is added. If it does exist, the password is changed.

password

The plaintext password is to be encrypted and stored in the file. Only used with the -b flag.

See Apache Manual for details.

To generate encrypted htpasswd online, please visit Generate Password.

Share this post

Comments (0)

    No comment

Leave a comment

All comments are moderated. Spammy and bot submitted comments are deleted. Please submit the comments that are helpful to others, and we'll approve your comments. A comment that includes outbound link will only be approved if the content is relevant to the topic, and has some value to our readers.


Login To Post Comment