How to generate a htpasswd

Categories General Info

What is the best way to generate a htpasswd?

htpasswd is used to generate, store and update the file used for basic http authentication. To create a new password file from the command line;
# htpasswd -c /home/user/.htpasswd username
The previous command will generate a new file called .htpasswd in the users /home/user directory and store an entry in it for the users username and hashed password. The user is prompted for the password and then again a second time for the password which completes the entry.

To change or update the password in /home/user/.htpasswd
# htpasswd /home/user/.htpasswd username/
The user is prompted for the password twice and the password is then updated.

If you do not have the program installed to do this, an error will be returned;
The program 'htpasswd' can be found in the following packages:
* apache2-utils
* mini-httpd
Try: sudo apt-get install "selected package"

Select the apache2-utils to install by running the following command;
user@mycomputer:~$ sudo apt-get install apache2-utils
[sudo] password for user:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
libapr1 libaprutil1
The following NEW packages will be installed:
apache2-utils libapr1 libaprutil1
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 361kB of archives.
After this operation, 922kB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main libapr1 1.3.8-1build1 [116kB]
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main libaprutil1 1.3.9+dfsg-3build1 [85.4kB]
Get:3 http://archive.ubuntu.com/ubuntu/ lucid/main apache2-utils 2.2.14-5ubuntu8 [159kB]
Fetched 361kB in 1s (285kB/s)
Selecting previously deselected package libapr1.
(Reading database ... 276361 files and directories currently installed.)
Unpacking libapr1 (from .../libapr1_1.3.8-1build1_i386.deb) ...
Selecting previously deselected package libaprutil1.
Unpacking libaprutil1 (from .../libaprutil1_1.3.9+dfsg-3build1_i386.deb) ...
Selecting previously deselected package apache2-utils.
Unpacking apache2-utils (from .../apache2-utils_2.2.14-5ubuntu8_i386.deb) ...
Processing triggers for man-db ...
Setting up libapr1 (1.3.8-1build1) ...

Setting up libaprutil1 (1.3.9+dfsg-3build1) ...

Setting up apache2-utils (2.2.14-5ubuntu8) ...
Processing triggers for libc-bin ...
ldconfig deferred processing now taking place
user@mycomputer:~$

now try the command again using “password” as the password (don’t really use the word password for your password… derp)

user@mycomputer:~$ htpasswd -c /home/user/.htpasswd user
New password:
Re-type new password:
Adding password for user user
user@mycomputer:~$ cat /home/user/.htpasswd
user:5UBsW0A43cEvs
user@mycomputer:~$

When you cat the file, the username will be listed with the hashed password. To add a user to the existing file, simply run the command
user@mycomputer:~$ htpasswd /home/user/.htpasswd user
This will add a new user to the file without overwriting the existing file.
The -c creates a new password file. If password file already exists, it is overwritten and truncated or shortened. You can also use the -m parameter to force the md5 encryption of the password as opposed to just the basic apache authentication method.

Here is an online version using md5 to hash the password