HTPASSWD(1)                        htpasswd                        HTPASSWD(1)

NAME

       htpasswd - Manage user files for basic authentication

SYNOPSIS

       htpasswd [ -c ] [ -m ] [ -D ] passwdfile username

       htpasswd -b [ -c ] [ -m | -d | -p | -s ] [ -D ] passwdfile username
       password

       htpasswd -n [ -m | -d | -s | -p ] username

       htpasswd -nb [ -m | -d | -s | -p ] username password

SUMMARY

       htpasswd is used to create and update the flat-files used to store
       usernames and passwords for basic authentication of HTTP users. If
       htpasswd cannot access a file, such as not being able to write to the
       output file or not being able to read the file in order to update it,
       it returns an error status and makes no changes.

       Resources available from the Apache HTTP server can be restricted to
       just the users listed in the files created by htpasswd. This program
       can only manage usernames and passwords stored in a flat-file. It can
       encrypt and display password information for use in other types of data
       stores, though. To use a DBM database see dbmmanage.

       htpasswd encrypts passwords using either a version of MD5 modified for
       Apache, or the system's crypt() routine. Files managed by htpasswd may
       contain both types of passwords; some user records may have
       MD5-encrypted passwords while others in the same file may have
       passwords encrypted with crypt().

       This manual page only lists the command line arguments. For details of
       the directives necessary to configure user authentication in httpd see
       the Apache manual, which is part of the Apache distribution or can be
       found at http://httpd.apache.org/.

OPTIONS

       -b     Use batch mode; i.e., get the password from the command line
              rather than prompting for it. This option should be used with
              extreme care, since the password is clearly visible on the
              command line.

       -c     Create the passwdfile. If passwdfile already exists, it is
              rewritten and truncated. This option cannot be combined with the
              -n option.

       -n     Display the results on standard output rather than updating a
              file. This is useful for generating password records acceptable
              to Apache for inclusion in non-text data stores. This option
              changes the syntax of the command line, since the passwdfile
              argument (usually the first one) is omitted. It cannot be
              combined with the -c option.

       -m     Use MD5 encryption for passwords. On Windows, Netware and TPF,
              this is the default.

       -d     Use crypt() encryption for passwords. The default on all
              platforms but Windows, Netware and TPF. Though possibly
              supported by htpasswd on all platforms, it is not supported by
              the httpd server on Windows, Netware and TPF.

       -s     Use SHA encryption for passwords. Facilitates migration from/to
              Netscape servers using the LDAP Directory Interchange Format
              (ldif).

       -p     Use plaintext passwords. Though htpasswd will support creation
              on all platforms, the httpd daemon will only accept plain text
              passwords on Windows, Netware and TPF.

       -D     Delete user. If the username exists in the specified htpasswd
              file, it will be deleted.

       passwdfile
              Name of the file to contain the user name and password. If -c is
              given, this file is created if it does not already exist, or
              rewritten and truncated if it does exist.

       username
              The username to create or update in passwdfile. If username does
              not exist in this file, an entry is added. If it does exist, the
              password is changed.

       password
              The plaintext password to be encrypted and stored in the file.
              Only used with the -b flag.

EXIT STATUS

       htpasswd returns a zero status ("true") if the username and password
       have been successfully added or updated in the passwdfile. htpasswd
       returns 1 if it encounters some problem accessing files, 2 if there was
       a syntax problem with the command line, 3 if the password was entered
       interactively and the verification entry didn't match, 4 if its
       operation was interrupted, 5 if a value is too long (username,
       filename, password, or final computed record), 6 if the username
       contains illegal characters (see the Restrictions section), and 7 if
       the file is not a valid password file.

EXAMPLES

             htpasswd /usr/local/etc/apache/.htpasswd-users jsmith

       Adds or modifies the password for user jsmith. The user is prompted for
       the password. If executed on a Windows system, the password will be
       encrypted using the modified Apache MD5 algorithm; otherwise, the
       system's crypt() routine will be used. If the file does not exist,
       htpasswd will do nothing except return an error.

             htpasswd -c /home/doe/public_html/.htpasswd jane

       Creates a new file and stores a record in it for user jane. The user is
       prompted for the password. If the file exists and cannot be read, or
       cannot be written, it is not altered and htpasswd will display a
       message and return an error status.

             htpasswd -mb /usr/web/.htpasswd-all jones Pwd4Steve

       Encrypts the password from the command line (Pwd4Steve) using the MD5
       algorithm, and stores it in the specified file.

SECURITY CONSIDERATIONS

       Web password files such as those managed by htpasswd should not be
       within the Web server's URI space -- that is, they should not be
       fetchable with a browser.

       This program is not safe as a setuid executable. Do not make it setuid.

       The use of the -b option is discouraged, since when it is used the
       unencrypted password appears on the command line.

       When using the crypt() algorithm, note that only the first 8 characters
       of the password are used to form the password. If the supplied password
       is longer, the extra characters will be silently discarded.

       The SHA encryption format does not use salting: for a given password,
       there is only one encrypted representation. The crypt() and MD5 formats
       permute the representation by prepending a random salt string, to make
       dictionary attacks against the passwords more difficult.
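
       An added example (not part of the Apache distribution) that audits a
       password file for the weaknesses described in the crypt() and SHA
       paragraphs above: it classifies each record by format and reports users
       whose unsalted {SHA} records are identical. The format patterns, the
       sample records and the function names are assumptions of this example;
       a 13-character plaintext password would be misclassified as crypt().

```python
import base64
import hashlib
import re

def sha_record(user, password):
    """Record in the unsalted {SHA} format: base64 of the SHA-1 digest."""
    digest = hashlib.sha1(password.encode()).digest()
    return f"{user}:{{SHA}}{base64.b64encode(digest).decode()}"

# Constructed sample file; none of these records come from a real system.
SAMPLE = "\n".join([
    sha_record("alice", "Pwd4Steve"),
    sha_record("bob", "Pwd4Steve"),                 # same password as alice
    "carol:$apr1$Zx3kQ9aB$0123456789abcdefghijk.",  # Apache MD5 shape
    "dave:abJnggxhB/yWI",                           # 13-character crypt() shape
    "erin:letmein",                                 # plaintext (-p)
    "bad line without separator",
])

# Heuristic patterns (assumptions of this example), tried in order.
SCHEMES = [
    ("apr1-md5", re.compile(r"\$apr1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}")),
    ("sha1-unsalted", re.compile(r"\{SHA\}[A-Za-z0-9+/]{27}=")),
    ("crypt", re.compile(r"[./0-9A-Za-z]{13}")),
]

def classify(field):
    for name, rx in SCHEMES:
        if rx.fullmatch(field):
            return name
    return "plaintext"

def audit(text):
    """Return ({user: scheme}, [users sharing one identical {SHA} value])."""
    findings, by_hash = {}, {}
    for lineno, line in enumerate(text.splitlines(), 1):
        user, sep, field = line.partition(":")
        if not sep or not user or len(user.encode()) > 255:
            findings[f"line {lineno}"] = "malformed"
            continue
        findings[user] = classify(field)
        if findings[user] == "sha1-unsalted":
            by_hash.setdefault(field, []).append(user)
    return findings, [u for u in by_hash.values() if len(u) > 1]

if __name__ == "__main__":
    findings, shared = audit(SAMPLE)
    for who, scheme in findings.items():
        print(f"{who:8} {scheme}")
    print("identical {SHA} records:", shared)
```

       Records reported as crypt are subject to the 8-character limit, and
       any group of users in the second result shares one password.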

RESTRICTIONS

       On the Windows and MPE platforms, passwords encrypted with htpasswd are
       limited to no more than 255 characters in length. Longer passwords will
       be truncated to 255 characters.

       The MD5 algorithm used by htpasswd is specific to the Apache software;
       passwords encrypted using it will not be usable with other Web servers.

       Usernames are limited to 255 bytes and may not include the character :.

Apache HTTP Server                2007-04-24                       HTPASSWD(1)