| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> |
| <HTML><HEAD><TITLE>Manual Page: htpasswd - Apache HTTP Server</TITLE></HEAD> |
| <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" |
| VLINK="#000080" ALINK="#FF0000"> |
| <!--#include virtual="header.html" --> |
| <!-- This document was autogenerated from the man page --> |
| <pre> |
| <strong>NAME</strong> |
| htpasswd - Create and update user authentication files |
| |
| <strong>SYNOPSIS</strong> |
| <strong>htpasswd </strong>[ -<strong>c </strong>] [ -<strong>m </strong>] <em>passwdfile username</em> |
| <strong>htpasswd </strong>-<strong>b </strong>[ -<strong>c </strong>] [ -<strong>m </strong>| -<strong>d </strong>| -<strong>p </strong>| -<strong>s </strong>] <em>passwdfile username</em> |
| <em>password</em> |
| <strong>htpasswd </strong>-<strong>n </strong>[ -<strong>m </strong>| -<strong>d </strong>| -<strong>s </strong>| -<strong>p </strong>] <em>username</em> |
| <strong>htpasswd </strong>-<strong>nb </strong>[ -<strong>m </strong>| -<strong>d </strong>| -<strong>s </strong>| -<strong>p </strong>] <em>username password</em> |
| |
| <strong>DESCRIPTION</strong> |
| <strong>htpasswd </strong>is used to create and update the flat-files used to |
| store usernames and password for basic authentication of |
| HTTP users. If <strong>htpasswd </strong>cannot access a file, such as not |
| being able to write to the output file or not being able to |
| read the file in order to update it, it returns an error |
| status and makes no changes. |
| |
| Resources available from the <strong>httpd </strong>Apache web server can be |
| restricted to just the users listed in the files created by |
| <strong>htpasswd. </strong>This program can only manage usernames and pass- |
| words stored in a flat-file. It can encrypt and display |
| password information for use in other types of data stores, |
| though. To use a DBM database see <strong>dbmmanage</strong>. |
| |
| <strong>htpasswd </strong>encrypts passwords using either a version of MD5 |
| modified for Apache, or the system's <em>crypt</em>() routine. Files |
| managed by <strong>htpasswd </strong>may contain both types of passwords; |
| some user records may have MD5-encrypted passwords while |
| others in the same file may have passwords encrypted with |
| <em>crypt</em>(). |
| |
| This manual page only lists the command line arguments. For |
| details of the directives necessary to configure user |
| authentication in <strong>httpd </strong>see the Apache manual, which is part |
| of the Apache distribution or can be found at |
| <URL:http://www.apache.org/>. |
| |
| <strong>OPTIONS</strong> |
| -b Use batch mode; <em>i</em>.<em>e</em>., get the password from the command |
| line rather than prompting for it. <strong>This option should</strong> |
| <strong>be used with extreme care, since the password is</strong> |
| <strong>clearly visible on the command line.</strong> |
| |
| -c Create the <em>passwdfile</em>. If <em>passwdfile </em>already exists, it |
| is rewritten and truncated. This option cannot be com- |
| bined with the <strong>-n </strong>option. |
| |
| -n Display the results on standard output rather than |
| updating a file. This is useful for generating pass- |
| word records acceptable to Apache for inclusion in |
| non-text data stores. This option changes the syntax |
| of the command line, since the <em>passwdfile </em>argument |
| (usually the first one) is omitted. It cannot be com- |
| bined with the <strong>-c </strong>option. |
| |
| -m Use MD5 encryption for passwords. On Windows and TPF, |
| this is the default. |
| |
| -d Use crypt() encryption for passwords. The default on |
| all platforms but Windows and TPF. Though possibly sup- |
| ported by <strong>htpasswd </strong>on all platforms, it is not sup- |
| ported by the <strong>httpd </strong>server on Windows and TPF. |
| |
| -s Use SHA encryption for passwords. Faciliates migration |
| from/to Netscape servers using the LDAP Directory |
| Interchange Format (ldif). |
| |
| -p Use plaintext passwords. Though <strong>htpasswd </strong>will support |
| creation on all platofrms, the <strong>httpd </strong>deamon will only |
| accept plain text passwords on Windows and TPF. |
| |
| <em>passwdfile</em> |
| Name of the file to contain the user name and password. |
| If -c is given, this file is created if it does not |
| already exist, or rewritten and truncated if it does |
| exist. |
| |
| <em>username</em> |
| The username to create or update in <strong>passwdfile</strong>. If |
| <em>username </em>does not exist in this file, an entry is |
| added. If it does exist, the password is changed. |
| |
| <em>password</em> |
| The plaintext password to be encrypted and stored in |
| the file. Only used with the -<em>b </em>flag. |
| |
| <strong>EXIT STATUS</strong> |
| <strong>htpasswd </strong>returns a zero status ("true") if the username and |
| password have been successfully added or updated in the |
| <em>passwdfile</em>. <strong>htpasswd </strong>returns 1 if it encounters some prob- |
| lem accessing files, 2 if there was a syntax problem with |
| the command line, 3 if the password was entered interac- |
| tively and the verification entry didn't match, 4 if its |
| operation was interrupted, 5 if a value is too long (user- |
| name, filename, password, or final computed record), and 6 |
| if the username contains illegal characters (see the <strong>RES-</strong> |
| <strong>TRICTIONS </strong>section). |
| |
| <strong>EXAMPLES</strong> |
| <strong>htpasswd /usr/local/etc/apache/.htpasswd-users jsmith</strong> |
| |
| Adds or modifies the password for user <em>jsmith</em>. The user |
| is prompted for the password. If executed on a Windows |
| system, the password will be encrypted using the modi- |
| fied Apache MD5 algorithm; otherwise, the system's |
| <em>crypt</em>() routine will be used. If the file does not |
| exist, <strong>htpasswd </strong>will do nothing except return an error. |
| |
| <strong>htpasswd -c /home/doe/public_html/.htpasswd jane</strong> |
| |
| Creates a new file and stores a record in it for user |
| <em>jane</em>. The user is prompted for the password. If the |
| file exists and cannot be read, or cannot be written, |
| it is not altered and <strong>htpasswd </strong>will display a message |
| and return an error status. |
| |
| <strong>htpasswd -mb /usr/web/.htpasswd-all jones Pwd4Steve</strong> |
| |
| Encrypts the password from the command line (<em>Pwd4Steve</em>) |
| using the MD5 algorithm, and stores it in the specified |
| file. |
| |
| <strong>SECURITY CONSIDERATIONS</strong> |
| Web password files such as those managed by <strong>htpasswd </strong>should |
| <strong>not </strong>be within the Web server's URI space -- that is, they |
| should not be fetchable with a browser. |
| |
| The use of the -<em>b </em>option is discouraged, since when it is |
| used the unencrypted password appears on the command line. |
| |
| <strong>RESTRICTIONS</strong> |
| On the Windows and MPE platforms, passwords encrypted with |
| <strong>htpasswd </strong>are limited to no more than 255 characters in |
| length. Longer passwords will be truncated to 255 charac- |
| ters. |
| |
| The MD5 algorithm used by <strong>htpasswd </strong>is specific to the Apache |
| software; passwords encrypted using it will not be usable |
| with other Web servers. |
| |
| Usernames are limited to 255 bytes and may not include the |
| character ':'. |
| |
| <strong>SEE ALSO</strong> |
| <strong>httpd(8) </strong>and the scripts in support/SHA1 which come with the |
| distribution. |
| |
| </pre> |
| <!--#include virtual="footer.html" --> |
| </BODY></HTML> |