HTDBM(1)                             htdbm                            HTDBM(1)

NAME
       htdbm - Manipulate DBM password databases

SYNOPSIS
       htdbm [ -TDBTYPE ] [ -i ] [ -c ] [ -m | -B | -d | -s | -p ] [ -C cost ]
       [ -t ] [ -v ] filename username

       htdbm -b [ -TDBTYPE ] [ -c ] [ -m | -B | -d | -s | -p ] [ -C cost ]
       [ -t ] [ -v ] filename username password

       htdbm -n [ -i ] [ -c ] [ -m | -B | -d | -s | -p ] [ -C cost ] [ -t ]
       [ -v ] username

       htdbm -nb [ -c ] [ -m | -B | -d | -s | -p ] [ -C cost ] [ -t ] [ -v ]
       username password

       htdbm -v [ -TDBTYPE ] [ -i ] [ -c ] [ -m | -B | -d | -s | -p ]
       [ -C cost ] [ -t ] [ -v ] filename username

       htdbm -vb [ -TDBTYPE ] [ -c ] [ -m | -B | -d | -s | -p ] [ -C cost ]
       [ -t ] [ -v ] filename username password

       htdbm -x [ -TDBTYPE ] filename username

       htdbm -l [ -TDBTYPE ]

SUMMARY
       htdbm is used to manipulate the DBM format files used to store
       usernames and passwords for basic authentication of HTTP users via
       mod_authn_dbm. See the dbmmanage documentation for more information
       about these DBM files.

OPTIONS
       -b     Use batch mode; i.e., get the password from the command line
              rather than prompting for it. This option should be used with
              extreme care, since the password is clearly visible on the
              command line. For script use see the -i option.

       -i     Read the password from stdin without verification (for script
              usage).

       -c     Create the passwdfile. If passwdfile already exists, it is
              rewritten and truncated. This option cannot be combined with
              the -n option.

       -n     Display the results on standard output rather than updating a
              database. This option changes the syntax of the command line,
              since the passwdfile argument (usually the first one) is
              omitted. It cannot be combined with the -c option.

       -m     Use MD5 encryption for passwords. On Windows and Netware, this
              is the default.

       -B     Use bcrypt encryption for passwords. This is currently
              considered to be very secure.

       -C     This flag is only allowed in combination with -B (bcrypt
              encryption). It sets the computing time used for the bcrypt
              algorithm (higher is more secure but slower, default: 5,
              valid: 4 to 31).

       -d     Use crypt() encryption for passwords. The default on all
              platforms but Windows and Netware. Though possibly supported by
              htdbm on all platforms, it is not supported by the httpd server
              on Windows and Netware. This algorithm is insecure by today's
              standards.

       -s     Use SHA encryption for passwords. Facilitates migration from/to
              Netscape servers using the LDAP Directory Interchange Format
              (ldif). This algorithm is insecure by today's standards.

       -p     Use plaintext passwords. Though htdbm will support creation on
              all platforms, the httpd daemon will only accept plain text
              passwords on Windows and Netware.

       -l     Print each of the usernames and comments from the database on
              stdout.

       -v     Verify the username and password. The program will print a
              message indicating whether the supplied password is valid. If
              the password is invalid, the program exits with error code 3.

       -x     Delete user. If the username exists in the specified DBM file,
              it will be deleted.

       -t     Interpret the final parameter as a comment. When this option is
              specified, an additional string can be appended to the command
              line; this string will be stored in the "Comment" field of the
              database, associated with the specified username.

       filename
              The filename of the DBM format file. Usually without the
              extension .db, .pag, or .dir. If -c is given, the DBM file is
              created if it does not already exist, or updated if it does
              exist.

       username
              The username to create or update in passwdfile. If username
              does not exist in this file, an entry is added. If it does
              exist, the password is changed.

       password
              The plaintext password to be encrypted and stored in the DBM
              file. Used only with the -b flag.

       -TDBTYPE
              Type of DBM file (SDBM, GDBM, DB, or "default").

BUGS
       One should be aware that there are a number of different DBM file
       formats in existence, and in all likelihood, libraries for more than
       one format may exist on your system. The three primary examples are
       SDBM, NDBM, GNU GDBM, and Berkeley/Sleepycat DB 2/3/4. Unfortunately,
       all these libraries use different file formats, and you must make sure
       that the file format used by filename is the same format that htdbm
       expects to see. htdbm currently has no way of determining what type of
       DBM file it is looking at. If used against the wrong format, it will
       simply return nothing, or may create a different DBM file with a
       different name, or at worst, it may corrupt the DBM file if you were
       attempting to write to it.

       One can usually use the file program supplied with most Unix systems
       to see what format a DBM file is in.

EXIT STATUS
       htdbm returns a zero status ("true") if the username and password have
       been successfully added or updated in the DBM file. htdbm returns 1 if
       it encounters some problem accessing files, 2 if there was a syntax
       problem with the command line, 3 if the password was entered
       interactively and the verification entry didn't match, 4 if its
       operation was interrupted, 5 if a value is too long (username,
       filename, password, or final computed record), 6 if the username
       contains illegal characters (see the Restrictions section), and 7 if
       the file is not a valid DBM password file.

EXAMPLES
             htdbm /usr/local/etc/apache/.htdbm-users jsmith

       Adds or modifies the password for user jsmith. The user is prompted
       for the password. If executed on a Windows system, the password will
       be encrypted using the modified Apache MD5 algorithm; otherwise, the
       system's crypt() routine will be used. If the file does not exist,
       htdbm will do nothing except return an error.

             htdbm -c /home/doe/public_html/.htdbm jane

       Creates a new file and stores a record in it for user jane. The user
       is prompted for the password. If the file exists and cannot be read,
       or cannot be written, it is not altered and htdbm will display a
       message and return an error status.

             htdbm -mb /usr/web/.htdbm-all jones Pwd4Steve

       Encrypts the password from the command line (Pwd4Steve) using the MD5
       algorithm, and stores it in the specified file.

SECURITY CONSIDERATIONS
       Web password files such as those managed by htdbm should not be within
       the Web server's URI space -- that is, they should not be fetchable
       with a browser.

       The use of the -b option is discouraged, since when it is used the
       unencrypted password appears on the command line.

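       For scripted use, the -i route described under OPTIONS can be wrapped
       so that the password only ever travels on stdin and the result is
       reported using the codes from EXIT STATUS. This is an added example,
       not code from the htdbm distribution; the function names and the
       default cost of 12 are assumptions.

```shell
# Added example, not part of the htdbm distribution. The function names and
# the default cost of 12 are assumptions of this sketch.

# Map an htdbm exit status to its meaning as listed under EXIT STATUS.
explain_htdbm_status() {
    case "$1" in
        0) echo "ok" ;;
        1) echo "problem accessing files" ;;
        2) echo "command line syntax problem" ;;
        3) echo "password did not match" ;;
        4) echo "operation interrupted" ;;
        5) echo "value too long" ;;
        6) echo "username contains illegal characters" ;;
        7) echo "not a valid DBM password file" ;;
        *) echo "unexpected status $1" ;;
    esac
}

# Usage: set_dbm_password FILE USER [COST]    (password is read from stdin)
set_dbm_password() {
    sdp_file=$1 sdp_user=$2 sdp_cost=${3:-12} sdp_rc=0
    # Pre-checks reuse htdbm's own statuses: ':' in a username is 6, and a
    # bcrypt cost outside 4..31 is treated here as a usage error (2).
    case "$sdp_user" in *:*) echo "username contains ':'" >&2; return 6 ;; esac
    case "$sdp_cost" in ''|*[!0-9]*) echo "bad cost" >&2; return 2 ;; esac
    if [ "$sdp_cost" -lt 4 ] || [ "$sdp_cost" -gt 31 ]; then
        echo "bad cost" >&2; return 2
    fi
    # -i takes the password from stdin, so it never appears in argv as it
    # would with -b; -B selects bcrypt and -C sets its cost.
    htdbm -i -B -C "$sdp_cost" "$sdp_file" "$sdp_user" || sdp_rc=$?
    [ "$sdp_rc" -eq 0 ] || echo "htdbm: $(explain_htdbm_status "$sdp_rc")" >&2
    return "$sdp_rc"
}
```

       The caller feeds the password through a pipe or a redirect from a file
       with restrictive permissions, never as an argument.
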
       When using the crypt() algorithm, note that only the first 8
       characters of the password are used to form the password. If the
       supplied password is longer, the extra characters will be silently
       discarded.

       The SHA encryption format does not use salting: for a given password,
       there is only one encrypted representation. The crypt() and MD5
       formats permute the representation by prepending a random salt string,
       to make dictionary attacks against the passwords more difficult.

       The SHA and crypt() formats are insecure by today's standards.

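       An audit of stored values can apply the points above: flag the formats
       called insecure here, and use the absence of a salt in the SHA format
       to find users whose passwords are identical. This is an added example,
       not code from the htdbm distribution; it assumes the records were
       already exported from the DBM file as "user:value" lines, the function
       names are hypothetical, and all sample records are constructed.

```shell
# Added example; classify_hash, audit_records, shared_sha_values and
# sample_records are hypothetical names, and all records are constructed.

# Name the scheme of one stored value from the prefix Apache gives it.
classify_hash() {
    case "$1" in
        '$2y$'*)   echo bcrypt ;;
        '$apr1$'*) echo apr1-md5 ;;
        '{SHA}'*)  echo sha1-unsalted ;;
        *)  # crypt() output is 13 characters from [./0-9A-Za-z]; a plaintext
            # password of that exact shape would be misreported as crypt.
            if [ "${#1}" -eq 13 ] && ! printf '%s' "$1" | grep -q '[^./0-9A-Za-z]'
            then echo crypt
            else echo plaintext-or-unknown
            fi ;;
    esac
}

# Read "user:value" lines on stdin; report SHA, crypt() and plaintext entries.
audit_records() {
    while IFS=: read -r user value; do
        scheme=$(classify_hash "$value")
        case "$scheme" in
            bcrypt|apr1-md5) ;;
            *) echo "WEAK $user $scheme" ;;
        esac
    done
}

# Unsalted {SHA}: equal passwords give equal values, so list users sharing one.
shared_sha_values() {
    awk -F: 'index($2, "{SHA}") == 1 { n[$2]++; users[$2] = users[$2] " " $1 }
             END { for (v in n) if (n[v] > 1) print "SHARED" users[v] }'
}

# Constructed sample export, one "user:value" record per line.
sample_records() {
    cat <<'EOF'
alice:{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
bob:{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
carol:$apr1$constructed-not-a-real-hash
dave:$2y$12$constructed-not-a-real-hash
erin:abJnggxhB/yWI
frank:hunter2
EOF
}
```
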
RESTRICTIONS
       On the Windows platform, passwords encrypted with htdbm are limited to
       no more than 255 characters in length. Longer passwords will be
       truncated to 255 characters.

       The MD5 algorithm used by htdbm is specific to the Apache software;
       passwords encrypted using it will not be usable with other Web
       servers.

       Usernames are limited to 255 bytes and may not include the character :.

Apache HTTP Server                2018-07-06                          HTDBM(1)