Jul 102010

What is the best way to generate a htpasswd?

htpasswd is used to generate, store and update the file used for basic http authentication. To create a new password file from the command line;

# htpasswd -c /home/user/.htpasswd username

The previous command will generate a new file called .htpasswd in the users /home/user directory and store an entry in it for the users username and hashed password. The user is prompted for the password and then again a second time for the password which completes the entry.

To change or update the password in /home/user/.htpasswd

# htpasswd /home/user/.htpasswd username/

The user is prompted for the password twice and the password is then updated.

If you do not have the program installed to do this, an error will be returned;

The program 'htpasswd' can be found in the following packages:
 * apache2-utils
 * mini-httpd
Try: sudo apt-get install "selected package"

Select the apache2-utils to install by running the following command;

[email protected]:~$ sudo apt-get install apache2-utils
[sudo] password for user:
Reading package lists... Done
Building dependency tree      
Reading state information... Done
The following extra packages will be installed:
  libapr1 libaprutil1
The following NEW packages will be installed:
  apache2-utils libapr1 libaprutil1
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 361kB of archives.
After this operation, 922kB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main libapr1 1.3.8-1build1 [116kB]
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main libaprutil1 1.3.9+dfsg-3build1 [85.4kB]
Get:3 http://archive.ubuntu.com/ubuntu/ lucid/main apache2-utils 2.2.14-5ubuntu8 [159kB]
Fetched 361kB in 1s (285kB/s)    
Selecting previously deselected package libapr1.
(Reading database ... 276361 files and directories currently installed.)
Unpacking libapr1 (from .../libapr1_1.3.8-1build1_i386.deb) ...
Selecting previously deselected package libaprutil1.
Unpacking libaprutil1 (from .../libaprutil1_1.3.9+dfsg-3build1_i386.deb) ...
Selecting previously deselected package apache2-utils.
Unpacking apache2-utils (from .../apache2-utils_2.2.14-5ubuntu8_i386.deb) ...
Processing triggers for man-db ...
Setting up libapr1 (1.3.8-1build1) ...

Setting up libaprutil1 (1.3.9+dfsg-3build1) ...

Setting up apache2-utils (2.2.14-5ubuntu8) ...
Processing triggers for libc-bin ...
ldconfig deferred processing now taking place
[email protected]:~$

now try the command again using “password” as the password (don’t really use the word password for your password… derp)

[email protected]:~$ htpasswd -c /home/user/.htpasswd user
New password:
Re-type new password:
Adding password for user user
[email protected]:~$ cat /home/user/.htpasswd
[email protected]:~$

When you cat the file, the username will be listed with the hashed password. To add a user to the existing file, simply run the command

[email protected]:~$ htpasswd /home/user/.htpasswd user

This will add a new user to the file without overwriting the existing file.
The -c creates a new password file. If password file already exists, it is overwritten and truncated or shortened. You can also use the -m parameter to force the md5 encryption of the password as opposed to just the basic apache authentication method.

Here is an online version using md5 to hash the password

Share This!
 Posted by at 3:46 am

Sorry, the comment form is closed at this time.