'htpasswd' is an Apache web server function rather than a Perl function. It
originated on UNIX but is also available for Win32. On Win32, usernames and
passwords are limited to 255 characters. I'm not sure that's really a limit
to be concerned about though...when was the last time you saw a
255-character username?
Although it appears to create a "different" password even when you enter the
same one, what is really different is the encryption string that is created.
htpasswd encrypts passwords so that password sniffers can not scan a system
and find the username:password pairs in plain text.
It is used in conjunction with a file in the protected directory (typically
called .htaccess, but not always) and another file on the server, preferably
a file that is not located within your HTML document root (usually something
like /usr/apache/htdocs/username).
The process goes like this:
1. Create a file in the directory that you wish
to password protect. For our purposes we'll
just call it the default ".htaccess"
2. Type the following to create a new password
protected account:
htpasswd -c /path/to/.htaccess <username>
Note: The -c flag is only needed when you
create the new user. If the user already
exists, -c is not necessary. Just think of
it as "-c equals create".
3. Your .htaccess file will look similar to this.
Please consult the Apache documentation to
see what the options are. This is the most
basic configuration. (Apache: www.apache.org)
AuthUserFile /path/outside/htmldocroot/passwordfile
AuthName "Subscribers"
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>
4. Now create the password for the user.
htpasswd <username> <password>
IMPORTANT: It is not considered a secure practice
to keep web password files within your HTML document
root. You don't want the file located anywhere that
is accessible with a browser via HTTP.
For full documentation, look here:
http://httpd.apache.org/docs-2.0/programs/htpasswd.html
Or in your local Apache administration guide.
Regards,
Scot Robnett
inSite Internet Solutions
[EMAIL PROTECTED]
[EMAIL PROTECTED]
-----Original Message-----
From: Octavian Rasnita [mailto:[EMAIL PROTECTED]]
Sent: Sunday, June 02, 2002 2:06 AM
To: [EMAIL PROTECTED]
Subject: What is used htpasswd for?
Hi all,
Please tell me what is used the htpasswd program for.
I've seen that if I try to create a password file with the same password and
the same username, it creates different crypted passwords.
I've tried to use some switches to see if it works fine with some of them
but with the same results.
1. Example 1:
htpasswd -mc file teddy
It resulted 2 different strings for the same username and password:
teddy:$apr1$Mq3.....$j8QQNRoh7YaKtBt.wzTsF.
teddy:$apr1$er3.....$mM28Rf52RLUDVhJVVAuRt0
2. Example 2, the same:
htpasswd -c file teddy
teddy:$apr1$4w3.....$MVCVlvqfYLsxFxod0u433.
teddy:$apr1$cx3.....$UTrNklcyZvkObvMQOmbBK1
3. Example 3, the same:
htpasswd -cd file teddy
teddy:$apr1$G14.....$7TFByMvUiwU15y4M2IDbv.
teddy:$apr1$/34.....$87.InozPs7UF8PfCYpdCF.
I've seen that the htdigest program creates the same string but what is used
htpasswd for in this case?
Thank you.
Teddy,
[EMAIL PROTECTED]
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.365 / Virus Database: 202 - Release Date: 5/24/2002
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.365 / Virus Database: 202 - Release Date: 5/24/2002
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
