What is the best way to generate a htpasswd?

htpasswd is used to generate, store and update the file used for basic http authentication. To create a new password file from the command line;
# htpasswd -c /home/user/.htpasswd username
The previous command will generate a new file called .htpasswd in the users /home/user directory and store an entry in it for the users username and hashed password. The user is prompted for the password and then again a second time for the password which completes the entry.

To change or update the password in /home/user/.htpasswd
# htpasswd /home/user/.htpasswd username/
The user is prompted for the password twice and the password is then updated.

If you do not have the program installed to do this, an error will be returned;
The program 'htpasswd' can be found in the following packages:
* apache2-utils
* mini-httpd
Try: sudo apt-get install "selected package"

Select the apache2-utils to install by running the following command;
user@mycomputer:~$ sudo apt-get install apache2-utils
[sudo] password for user:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
libapr1 libaprutil1
The following NEW packages will be installed:
apache2-utils libapr1 libaprutil1
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 361kB of archives.
After this operation, 922kB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main libapr1 1.3.8-1build1 [116kB] Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main libaprutil1 1.3.9+dfsg-3build1 [85.4kB] Get:3 http://archive.ubuntu.com/ubuntu/ lucid/main apache2-utils 2.2.14-5ubuntu8 [159kB] Fetched 361kB in 1s (285kB/s)
Selecting previously deselected package libapr1.
(Reading database ... 276361 files and directories currently installed.)
Unpacking libapr1 (from .../libapr1_1.3.8-1build1_i386.deb) ...
Selecting previously deselected package libaprutil1.
Unpacking libaprutil1 (from .../libaprutil1_1.3.9+dfsg-3build1_i386.deb) ...
Selecting previously deselected package apache2-utils.
Unpacking apache2-utils (from .../apache2-utils_2.2.14-5ubuntu8_i386.deb) ...
Processing triggers for man-db ...
Setting up libapr1 (1.3.8-1build1) ...

Setting up libaprutil1 (1.3.9+dfsg-3build1) ...

Setting up apache2-utils (2.2.14-5ubuntu8) ...
Processing triggers for libc-bin ...
ldconfig deferred processing now taking place

now try the command again using “password” as the password (don’t really use the word password for your password… derp)

user@mycomputer:~$ htpasswd -c /home/user/.htpasswd user
New password:
Re-type new password:
Adding password for user user
user@mycomputer:~$ cat /home/user/.htpasswd

When you cat the file, the username will be listed with the hashed password. To add a user to the existing file, simply run the command
user@mycomputer:~$ htpasswd /home/user/.htpasswd user
This will add a new user to the file without overwriting the existing file.
The -c creates a new password file. If password file already exists, it is overwritten and truncated or shortened. You can also use the -m parameter to force the md5 encryption of the password as opposed to just the basic apache authentication method.

Here is an online version using md5 to hash the password

Was this post helpful?