htpasswd.html revision 1186524bae33a38ae07135ddb98b7724c391d80b
d6fa26d0adaec6c910115be34fe7a5a5f402c14fMark Andrews<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<HTML><HEAD><TITLE>Manual Page: htpasswd - Apache HTTP Server</TITLE></HEAD>
f0aad5341752aefe5059832f6cf3abc3283c6e16Tinderbox User<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF"
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User<!--#include virtual="header.html" -->
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User<!-- This document was autogenerated from the man page -->
d6fa26d0adaec6c910115be34fe7a5a5f402c14fMark Andrews htpasswd - Create and update user authentication files
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <strong>htpasswd </strong>[ -<strong>c </strong>] [ -<strong>m </strong>] <em>passwdfile username</em>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <strong>htpasswd </strong>-<strong>b </strong>[ -<strong>c </strong>] [ -<strong>m </strong>| -<strong>d </strong>| -<strong>p </strong>| -<strong>s </strong>] <em>passwdfile username</em>
cd32f419a8a5432fbb139f56ee73cbf68b9350ccTinderbox User <strong>htpasswd </strong>-<strong>n </strong>[ -<strong>m </strong>| -<strong>d </strong>| -<strong>s </strong>| -<strong>p </strong>] <em>username</em>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <strong>htpasswd </strong>-<strong>nb </strong>[ -<strong>m </strong>| -<strong>d </strong>| -<strong>s </strong>| -<strong>p </strong>] <em>username password</em>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <strong>htpasswd </strong>is used to create and update the flat-files used to
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews store usernames and password for basic authentication of
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews HTTP users. If <strong>htpasswd </strong>cannot access a file, such as not
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews being able to write to the output file or not being able to
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews read the file in order to update it, it returns an error
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews status and makes no changes.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews Resources available from the <strong>httpd </strong>Apache web server can be
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt restricted to just the users listed in the files created by
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <strong>htpasswd. </strong>This program can only manage usernames and pass-
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews words stored in a flat-file. It can encrypt and display
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews password information for use in other types of data stores,
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews though. To use a DBM database see <strong>dbmmanage</strong>.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <strong>htpasswd </strong>encrypts passwords using either a version of MD5
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews modified for Apache, or the system's <em>crypt</em>() routine. Files
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User managed by <strong>htpasswd </strong>may contain both types of passwords;
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User some user records may have MD5-encrypted passwords while
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User others in the same file may have passwords encrypted with
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User This manual page only lists the command line arguments. For
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User details of the directives necessary to configure user
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User authentication in <strong>httpd </strong>see the Apache manual, which is part
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews of the Apache distribution or can be found at
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User -b Use batch mode; <em>i</em>.<em>e</em>., get the password from the command
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User line rather than prompting for it. <strong>This option should</strong>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <strong>be used with extreme care, since the password is</strong>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <strong>clearly visible on the command line.</strong>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews -c Create the <em>passwdfile</em>. If <em>passwdfile </em>already exists, it
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User is rewritten and truncated. This option cannot be com-
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User -n Display the results on standard output rather than
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User updating a file. This is useful for generating pass-
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User word records acceptable to Apache for inclusion in
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User non-text data stores. This option changes the syntax
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User of the command line, since the <em>passwdfile </em>argument
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User (usually the first one) is omitted. It cannot be com-
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User -m Use MD5 encryption for passwords. On Windows and TPF,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User this is the default.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User -d Use crypt() encryption for passwords. The default on
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User all platforms but Windows and TPF. Though possibly sup-
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User ported by <strong>htpasswd </strong>on all platforms, it is not sup-
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User ported by the <strong>httpd </strong>server on Windows and TPF.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User -s Use SHA encryption for passwords. Faciliates migration
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User from/to Netscape servers using the LDAP Directory
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Interchange Format (ldif).
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User -p Use plaintext passwords. Though <strong>htpasswd </strong>will support
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User creation on all platofrms, the <strong>httpd </strong>deamon will only
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User accept plain text passwords on Windows and TPF.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Name of the file to contain the user name and password.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User If -c is given, this file is created if it does not
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User already exist, or rewritten and truncated if it does
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User The username to create or update in <strong>passwdfile</strong>. If
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <em>username </em>does not exist in this file, an entry is
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User added. If it does exist, the password is changed.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User The plaintext password to be encrypted and stored in
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User the file. Only used with the -<em>b </em>flag.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <strong>htpasswd </strong>returns a zero status ("true") if the username and
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User password have been successfully added or updated in the
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <em>passwdfile</em>. <strong>htpasswd </strong>returns 1 if it encounters some prob-
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User lem accessing files, 2 if there was a syntax problem with
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User the command line, 3 if the password was entered interac-
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User tively and the verification entry didn't match, 4 if its
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User operation was interrupted, 5 if a value is too long (user-
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User name, filename, password, or final computed record), and 6
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User if the username contains illegal characters (see the <strong>RES-</strong>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <strong>htpasswd /usr/local/etc/apache/.htpasswd-users jsmith</strong>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Adds or modifies the password for user <em>jsmith</em>. The user
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User is prompted for the password. If executed on a Windows
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User system, the password will be encrypted using the modi-
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User fied Apache MD5 algorithm; otherwise, the system's
7e71f05d8643aca84914437c900cb716444507e4Tinderbox User <em>crypt</em>() routine will be used. If the file does not
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User exist, <strong>htpasswd </strong>will do nothing except return an error.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <strong>htpasswd -c /home/doe/public_html/.htpasswd jane</strong>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Creates a new file and stores a record in it for user
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <em>jane</em>. The user is prompted for the password. If the
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews file exists and cannot be read, or cannot be written,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User it is not altered and <strong>htpasswd </strong>will display a message
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt and return an error status.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <strong>htpasswd -mb /usr/web/.htpasswd-all jones Pwd4Steve</strong>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews Encrypts the password from the command line (<em>Pwd4Steve</em>)
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt using the MD5 algorithm, and stores it in the specified
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews Web password files such as those managed by <strong>htpasswd </strong>should
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <strong>not </strong>be within the Web server's URI space -- that is, they
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User should not be fetchable with a browser.
7e71f05d8643aca84914437c900cb716444507e4Tinderbox User The use of the -<em>b </em>option is discouraged, since when it is
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User used the unencrypted password appears on the command line.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews On the Windows and MPE platforms, passwords encrypted with
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <strong>htpasswd </strong>are limited to no more than 255 characters in
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User length. Longer passwords will be truncated to 255 charac-
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User The MD5 algorithm used by <strong>htpasswd </strong>is specific to the Apache
f7b41fd9291b8f4dba27e2b57e1d93f0913a4f1dMark Andrews software; passwords encrypted using it will not be usable
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User with other Web servers.
f7b41fd9291b8f4dba27e2b57e1d93f0913a4f1dMark Andrews Usernames are limited to 255 bytes and may not include the
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User character ':'.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <strong>httpd(8) </strong>and the scripts in support/SHA1 which come with the
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User distribution.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<!--#include virtual="footer.html" -->