Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
htpasswd(1)		    General Commands Manual		   htpasswd(1)

NAME
       htpasswd	- Create and update user authentication	files

SYNOPSIS
       htpasswd	[ -c ] [ -m | -d | -s |	-p ] passwdfile	username
       htpasswd	-b [ -c	] [ -m | -d | -s | -p ]	passwdfile username password
       htpasswd	-n [ -m	| -d | -s | -p ] username
       htpasswd	-nb [ -m | -d |	-s | -p	] username password

DESCRIPTION
       htpasswd	 is  used  to  create  and update the flat-files used to store
       usernames and password for basic	 authentication	 of  HTTP  users.   If
       htpasswd	 cannot	 access	a file,	such as	not being able to write	to the
       output file or not being	able to	read the file in order to  update  it,
       it returns an error status and makes no changes.

       Resources  available from the httpd Apache web server can be restricted
       to just the users listed	in the files created by	htpasswd.   This  pro-
       gram  can only manage usernames and passwords stored in a flat-file. It
       can encrypt and display password	information for	use in other types  of
       data stores, though.  To	use a DBM database see dbmmanage.

       htpasswd	 encrypts passwords using either a version of MD5 modified for
       Apache, or the system's crypt() routine.	 Files managed by htpasswd may
       contain	 both	types	of  passwords;	some  user  records  may  have
       MD5-encrypted passwords while others in the same	file  may  have	 pass-
       words encrypted with crypt().

       This  manual page only lists the	command	line arguments.	For details of
       the directives necessary	to configure user authentication in httpd  see
       the  Apache  manual, which is part of the Apache	distribution or	can be
       found at	<URL:http://httpd.apache.org/>.

OPTIONS
       -b     Use batch	mode; i.e., get	the password  from  the	 command  line
	      rather  than  prompting  for it. This option should be used with
	      extreme care, since the password is clearly visible on the  com-
	      mand line.

       -c     Create  the  passwdfile.	If  passwdfile	already	 exists, it is
	      rewritten	and truncated.	This option cannot  be	combined  with
	      the -n option.

       -n     Display  the  results  on	standard output	rather than updating a
	      file.  This is useful for	generating password records acceptable
	      to  Apache  for  inclusion in non-text data stores.  This	option
	      changes the syntax of the	command	 line,	since  the  passwdfile
	      argument	(usually the first one)	is omitted.  It	cannot be com-
	      bined with the -c	option.

       -m     Use Apache's modified MD5	algorithm  for	passwords.   Passwords
	      encrypted	 with this algorithm are transportable to any platform
	      (Windows,	Unix, BeOS, et cetera) running Apache 1.3.9 or	later.
	      On Windows and TPF, this flag is the default.

       -d     Use  crypt()  encryption for passwords. The default on all plat-
	      forms but	Windows	and TPF. Though	possibly supported by htpasswd
	      on  all  platforms,  it  is not supported	by the httpd server on
	      Windows and TPF.

       -s     Use SHA encryption for passwords.	Faciliates  migration  from/to
	      Netscape	servers	 using	the  LDAP Directory Interchange	Format
	      (ldif).

       -p     Use plaintext passwords. Though htpasswd will  support  creation
	      on  all  platforms, the httpd deamon will	only accept plain text
	      passwords	on Windows and TPF.

       passwdfile
	      Name of the file to contain the user name	and password. If -c is
	      given,  this  file  is  created if it does not already exist, or
	      rewritten	and truncated if it does exist.

       username
	      The username to create or	update in passwdfile. If username does
	      not exist	in this	file, an entry is added. If it does exist, the
	      password is changed.

       password
	      The plaintext password to	be encrypted and stored	in  the	 file.
	      Only used	with the -b flag.

EXIT STATUS
       htpasswd	 returns  a  zero status ("true") if the username and password
       have been successfully added or updated in  the	passwdfile.   htpasswd
       returns 1 if it encounters some problem accessing files,	2 if there was
       a syntax	problem	with the command line, 3 if the	password  was  entered
       interactively  and the verification entry didn't	match, 4 if its	opera-
       tion was	interrupted, 5 if a value is  too  long	 (username,  filename,
       password,  or  final  computed  record),	and 6 if the username contains
       illegal characters (see the RESTRICTIONS	section).

EXAMPLES
       htpasswd	/usr/local/etc/apache/.htpasswd-users jsmith

	      Adds or modifies the password for	 user  jsmith.	 The  user  is
	      prompted for the password.  If executed on a Windows system, the
	      password will be encrypted using the modified Apache  MD5	 algo-
	      rithm; otherwise,	the system's crypt() routine will be used.  If
	      the file does not	exist, htpasswd	will do	nothing	except	return
	      an error.

       htpasswd	-c /home/doe/public_html/.htpasswd jane

	      Creates a	new file and stores a record in	it for user jane.  The
	      user is prompted for the password.  If the file exists and  can-
	      not  be  read,  or  cannot  be  written,	it  is not altered and
	      htpasswd will display a message and return an error status.

       htpasswd	-mb /usr/web/.htpasswd-all jones Pwd4Steve

	      Encrypts the password from the command  line  (Pwd4Steve)	 using
	      the MD5 algorithm, and stores it in the specified	file.

SECURITY CONSIDERATIONS
       Web  password  files  such  as  those managed by	htpasswd should	not be
       within the Web server's URI space -- that is, they should not be	fetch-
       able with a browser.

       The  use	 of  the  -b  option is	discouraged, since when	it is used the
       unencrypted password appears on the command line.

RESTRICTIONS
       On the Windows and MPE platforms, passwords encrypted with htpasswd are
       limited	to  no	more  than 255 characters in length.  Longer passwords
       will be truncated to 255	characters.

       The MD5 algorithm used by htpasswd is specific to the Apache  software;
       passwords encrypted using it will not be	usable with other Web servers.

       Usernames  are  limited	to 255 bytes and may not include the character
       ':'.

SEE ALSO
       httpd(8)	and the	scripts	in support/SHA1	which come with	the  distribu-
       tion.

				 February 2004			   htpasswd(1)

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXIT STATUS | EXAMPLES | SECURITY CONSIDERATIONS | RESTRICTIONS | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=htpasswd&manpath=FreeBSD+7.2-RELEASE+and+Ports>

home | help