XSPASSWD(1)             FreeBSD General Commands Manual            XSPASSWD(1)

     xspasswd -- Manager for WWW authentication passwords

     xspasswd [-b | -d] [-l | -u] [-r] [-f filename] [username]

     `xspasswd' is a program that lets you manage the usercode/password
     database for the authentication feature of the xs-httpd webserver.

     Authentication works very simply: if a file called .xsauth is present in
     the directory in which a file is going to be retrieved, then the remote
     user will be asked for a usercode and password before the file is allowed
     to be retrieved.  This program manages the .xsauth file.  Using the -f
     flag an alternative filename can be used; however, these files are not
     automatically recognised by the server as authentication files.

     The program accepts the mutually exclusive arguments -l to lock an
     account and -u to unlock an account.  Locked accounts may not be changed
     using the web-interface (see below).  By default all accounts are
     unlocked.

     The other options are also mutually exclusive: -b to store passwords for
     basic authentication (the old method, where passwords will be stored
     encrypted, but sent over the wire in plain text) and -d to store
     passwords for use with digest authentication (where more sensitive
     information is stored on disk, but only the checksum of user and password
     data is sent over the wire).  However, with -d password hashes are also
     stored, so that basic authentication can be used as a fallback in case
     the client doesn't understand digest authentication.

     For optimal security it is suggested that local data is never made
     accessible to other users of the system and that authentication details
     and sensitive content are transferred over a secure channel (i.e. using
     https).  In this case digest authentication does not add any additional
     security.
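
     The trade-off described above, worked through with the RFC 2617
     computation.  This is an added example, not xs-httpd code; the values
     are the sample request from RFC 2617 and the .xsauth on-disk layout is
     not assumed.  The stored hash alone is enough to verify a response, so
     it has to be protected like the password itself.

```python
import hashlib
import hmac


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def ha1(username: str, realm: str, password: str) -> str:
    # RFC 2617 H(A1): the value a digest-capable server must keep on disk.
    return md5_hex(f"{username}:{realm}:{password}")


def digest_response(stored_ha1, method, uri, nonce, nc, cnonce, qop="auth"):
    # RFC 2617 request-digest for qop=auth: the only credential value sent.
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{stored_ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def server_verify(stored_ha1: str, req: dict) -> bool:
    # The server never needs the cleartext password, only the stored hash.
    expected = digest_response(stored_ha1, req["method"], req["uri"],
                               req["nonce"], req["nc"], req["cnonce"],
                               req["qop"])
    # Constant-time comparison of the two hex strings.
    return hmac.compare_digest(expected.encode(), req["response"].encode())


# Sample data: the worked example from RFC 2617 section 3.5, not xs-httpd data.
RFC_USER, RFC_REALM, RFC_PASSWORD = "Mufasa", "testrealm@host.com", "Circle Of Life"
RFC_REQUEST = {
    "method": "GET",
    "uri": "/dir/index.html",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
    "nc": "00000001",
    "cnonce": "0a4f113b",
    "qop": "auth",
    "response": "6629fae49393a05397450978507c4ef1",
}

if __name__ == "__main__":
    stored = ha1(RFC_USER, RFC_REALM, RFC_PASSWORD)
    print("value kept on disk :", stored)
    print("request accepted   :", server_verify(stored, RFC_REQUEST))
    # Over plain HTTP an altered response is rejected, but the page's advice
    # still stands: under https the exchange is already protected.
    tampered = dict(RFC_REQUEST, response="0" * 32)
    print("tampered accepted  :", server_verify(stored, tampered))
```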

     Use the -r option to remove a user from the authentication file.  Note
     that the options that control the account type will be ignored when -r is
     given. That is: the named account will be removed even if these options
     (locked, digest, ..) do not match.

     Change your current directory to the directory that you wish to protect
     with usercodes and passwords.  Note that subdirectories of that
     directory will also be protected.  Then, type `xspasswd'.  The program
     will ask you for a username (unless you already supplied this as an
     argument on the command line).  Next, the program asks for a password for
     that username.  The program will ask you to re-enter the password after
     you have given it.  When you have done this, the program will update (or
     create) the .xsauth file.

     By running the program again, you can add as many usercodes and passwords
     as you wish.  You can also use this program to change passwords.  Just
     type an existing username when the program prompts you for a username.
     You do not have to enter the old password.  Be aware that the locked
     status and digest hash may be lost if you don't specify -l and -d when
     changing a password, since the options default to -u and -b.

     The xspasswd utility exits 0 on success, and >0 if an error occurs.

     httpd(1), xschpass(1), xsauth(5)

     The project homepage:

     HTTP Authentication: Basic and Digest Access Authentication, RFC 2617,
     June 1999.

xs-httpd/3.5                    March 26, 1996                    xs-httpd/3.5

