htdbm(1)

1HTDBM(1)                             htdbm                            HTDBM(1)
2
3
4

NAME

6       htdbm - Manipulate DBM password databases
7
8

SYNOPSIS

10       htdbm  [  -TDBTYPE  ] [ -c ] [ -m | -d | -p | -s ] [ -t ] [ -v ] [ -x ]
11       filename username
12
13
14       htdbm -b [ -TDBTYPE ] [ -c ] [ -m | -d | -p | -s ] [ -t ] [ -v ]  file‐
15       name username password
16
17
18       htdbm -n [ -c ] [ -m | -d | -p | -s ] [ -t ] [ -v ] username
19
20
21       htdbm -nb [ -c ] [ -m | -d | -p | -s ] [ -t ] [ -v ] username password
22
23
24       htdbm  -v [ -TDBTYPE ] [ -c ] [ -m | -d | -p | -s ] [ -t ] [ -v ] file‐
25       name username
26
27
28       htdbm -vb [ -TDBTYPE ] [ -c ] [ -m | -d | -p | -s ] [ -t ] [ -v ] file‐
29       name username password
30
31
32       htdbm -x [ -TDBTYPE ] [ -m | -d | -p | -s ] filename username
33
34
35       htdbm -l [ -TDBTYPE ]
36
37
38

SUMMARY

40       htdbm  is  used  to manipulate the DBM format files used to store user‐
41       names  and  password  for  basic  authentication  of  HTTP  users   via
42       mod_auth_dbm.  See  the  dbmmanage  documentation  for more information
43       about these DBM files.
44
45
46

OPTIONS

48       -b     Use batch mode; i.e., get the password  from  the  command  line
49              rather  than  prompting  for it. This option should be used with
50              extreme care, since the password is clearly visible on the  com‐
51              mand line.
52
53       -c     Create  the  passwdfile.  If  passwdfile  already  exists, it is
54              rewritten and truncated. This option cannot be combined with the
55              -n option.
56
57       -n     Display  the  results  on standard output rather than updating a
58              database. This option changes the syntax of  the  command  line,
59              since  the  passwdfile argument (usually the first one) is omit‐
60              ted. It cannot be combined with the -c option.
61
62       -m     Use MD5 encryption for passwords. On Windows, Netware  and  TPF,
63              this is the default.
64
65       -d     Use  crypt()  encryption for passwords. The default on all plat‐
66              forms but Windows, Netware and TPF. Though possibly supported by
67              htdbm  on all platforms, it is not supported by the httpd server
68              on Windows, Netware and TPF.
69
70       -s     Use SHA encryption for passwords. Facilitates migration  from/to
71              Netscape  servers  using  the  LDAP Directory Interchange Format
72              (ldif).
73
74       -p     Use plaintext passwords. Though htdbm will support  creation  on
75              all  platforms,  the  httpd  daemon  will only accept plain text
76              passwords on Windows, Netware and TPF.
77
78       -l     Print each of the usernames and comments from  the  database  on
79              stdout.
80
81       -t     Interpret  the final parameter as a comment. When this option is
82              specified, an additional string can be appended to  the  command
83              line;  this  string will be stored in the "Comment" field of the
84              database, associated with the specified username.
85
86       -v     Verify the username and password. The program will print a  mes‐
87              sage  indicating  whether the supplied password is valid. If the
88              password is invalid, the program exits with error code 3.
89
90       -x     Delete user. If the username exists in the specified  DBM  file,
91              it will be deleted.
92
93       filename
94              The  filename of the DBM format file. Usually without the exten‐
95              sion .db, .pag, or .dir. If -c is given, the DBM file is created
96              if it does not already exist, or updated if it does exist.
97
98       username
99              The username to create or update in passwdfile. If username does
100              not exist in this file, an entry is added. If it does exist, the
101              password is changed.
102
103       password
104              The  plaintext  password  to  be encrypted and stored in the DBM
105              file. Used only with the -b flag.
106
107       -TDBTYPE
108              Type of DBM file (SDBM, GDBM, DB, or "default").
109
110

BUGS

112       One should be aware that there are a number of different DBM file  for‐
113       mats in existence, and with all likelihood, libraries for more than one
114       format may exist on your system. The three primary examples  are  SDBM,
115       NDBM,  GNU  GDBM,  and  Berkeley/Sleepycat DB 2/3/4. Unfortunately, all
116       these libraries use different file formats, and you must make sure that
117       the  file format used by filename is the same format that htdbm expects
118       to see. htdbm currently has no way of determining what type of DBM file
119       it  is looking at. If used against the wrong format, will simply return
120       nothing, or may create a different DBM file with a different  name,  or
121       at  worst,  it may corrupt the DBM file if you were attempting to write
122       to it.
123
124
125       One can usually use the file program supplied with most Unix systems to
126       see what format a DBM file is in.
127
128

EXIT STATUS

130       htdbm  returns a zero status ("true") if the username and password have
131       been successfully added or updated in the DBM File. htdbm returns 1  if
132       it  encounters  some  problem  accessing files, 2 if there was a syntax
133       problem with the command line, 3 if the password was  entered  interac‐
134       tively  and the verification entry didn't match, 4 if its operation was
135       interrupted, 5 if a value is too long (username, filename, password, or
136       final  computed  record), 6 if the username contains illegal characters
137       (see the Restrictions section), and 7 if the file is not  a  valid  DBM
138       password file.
139
140

EXAMPLES

142             htdbm /usr/local/etc/apache/.htdbm-users jsmith
143
144
145
146       Adds or modifies the password for user jsmith. The user is prompted for
147       the password. If executed on a Windows system,  the  password  will  be
148       encrypted  using the modified Apache MD5 algorithm; otherwise, the sys‐
149       tem's crypt() routine will be used. If the file does not  exist,  htdbm
150       will do nothing except return an error.
151
152
153             htdbm -c /home/doe/public_html/.htdbm jane
154
155
156
157       Creates a new file and stores a record in it for user jane. The user is
158       prompted for the password. If the file exists and cannot  be  read,  or
159       cannot  be  written, it is not altered and htdbm will display a message
160       and return an error status.
161
162
163             htdbm -mb /usr/web/.htdbm-all jones Pwd4Steve
164
165
166
167       Encrypts the password from the command line (Pwd4Steve) using  the  MD5
168       algorithm, and stores it in the specified file.
169
170

SECURITY CONSIDERATIONS

172       Web  password files such as those managed by htdbm should not be within
173       the Web server's URI space -- that is, they  should  not  be  fetchable
174       with a browser.
175
176
177       The  use  of  the  -b  option is discouraged, since when it is used the
178       unencrypted password appears on the command line.
179
180

RESTRICTIONS

182       On the Windows and MPE platforms, passwords encrypted  with  htdbm  are
183       limited to no more than 255 characters in length. Longer passwords will
184       be truncated to 255 characters.
185
186
187       The MD5 algorithm used by htdbm is specific  to  the  Apache  software;
188       passwords encrypted using it will not be usable with other Web servers.
189
190
191       Usernames are limited to 255 bytes and may not include the character :.
192
193
194
195
196Apache HTTP Server                2005-03-26                          HTDBM(1)