Htpasswd

From wikinotes

htpasswd is a program that manages files with users/passwords, and permission groups. The format is very simple, and like the /etc/passwd file, passwords are stored as salted password-hashes.

Documentation

official docs https://httpd.apache.org/docs/current/programs/htpasswd.html

Libraries

python htpasswd

Install

Archlinux

pacaur -S apache-tools

# alternatively
pip install htpasswd

Usage

basics

Add 'username' to /path/htpasswd (prompts for password)

htpasswd    /path/htpasswd username  # md5 
htpasswd -B /path/htpasswd username  # bcrypt

encryption types

You probably want to use a more secure hashing algorithm than the default (md5). Which hashing algorithms are available depends on the program reading the file.

nginx, for example, uses the system's crypt library. On Linux, you'll probably want sha-512; on BSDs you can use bcrypt (better).

If your program supports it, you can add other hash types by hand to your htpasswd file. The simplest way to do this is to install mkpasswd (NOT mkpasswd.pl).

generate a password hash

generate password hash from cli

# install mkpasswd
apt-get install whois  # debian
pacaur -S mkpasswd

# generate passwords
mkpasswd -m help                                    # list avail hash-types
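# -S sets the salt (lowercase -s means --stdin); salt chars must be in [a-zA-Z0-9./]
# omit the password argument to be prompted instead (keeps it out of shell history)
mkpasswd -m sha-512 -S 'yoursalt' 'your-password'   # generate sha-512 pw-hash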
# $6$ARMeJsD0oLy$GajBGvf3Mo7sEkBcCAAwS/9hMBQv8yy/nH3nhe2oR2hHuFI5/hoghgRHewVkto7WgKmEw3R29A2CXMT9cUuef0

# you can also generate passwords in python-3.3+ (see hash_type)

generate password hash from python

See python crypt for details. The crypt module is Unix-only, was deprecated in Python 3.11 and removed in Python 3.13.

python3 -c 'import crypt; print(crypt.crypt("password"))'


add password for user

# your htpasswd file
username:$6$ARMeJsD0oLy$GajBGvf3Mo7sEkBcCAAwS/9hMBQv8yy/nH3nhe2oR2hHuFI5/hoghgRHewVkto7WgKmEw3R29A2CXMT9cUuef0

Examples

group authentication (nginx)

  • create master .htpasswd file
  • create master .htgroup file
  • write a script that produces a separate .htpasswd file for each group. This file will be used for nginx.

htpasswd /my/htpasswd myseconduser
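
The per-group script from the last step, as an added example (not from the original notes or the referenced how-tos). It assumes the master .htgroup uses Apache's `group: user1 user2` line format; the function names and the `<group>.htpasswd` output naming are hypothetical.

```python
import os
import re
import tempfile

# Group names become file names, so reject anything that could escape out_dir.
SAFE_GROUP = re.compile(r"^[A-Za-z0-9_-][A-Za-z0-9_.-]*$")

def parse_htpasswd(text):
    """Map user -> complete 'user:hash' line (hashes are copied, never re-hashed)."""
    entries = {}
    for line in text.splitlines():
        user, sep, pw_hash = line.strip().partition(":")
        if sep and user and pw_hash and not user.startswith("#"):
            entries[user] = f"{user}:{pw_hash}"
    return entries

def parse_htgroup(text):
    """Map group -> [users] from 'group: user1 user2' lines (assumed format)."""
    groups = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, members = line.partition(":")
        if not sep or not SAFE_GROUP.match(name.strip()):
            raise ValueError(f"bad group line: {line!r}")
        groups.setdefault(name.strip(), []).extend(members.split())
    return groups

def split_by_group(passwd_text, group_text, out_dir):
    """Write out_dir/<group>.htpasswd per group; return members missing from master."""
    users = parse_htpasswd(passwd_text)
    missing = {}
    for group, members in parse_htgroup(group_text).items():
        missing[group] = [m for m in members if m not in users]
        fd, tmp = tempfile.mkstemp(dir=out_dir)  # created 0600, same filesystem
        with os.fdopen(fd, "w") as fh:
            fh.writelines(users[m] + "\n" for m in members if m in users)
        os.chmod(tmp, 0o640)  # web server reads via group ownership (deployment-specific)
        os.replace(tmp, os.path.join(out_dir, f"{group}.htpasswd"))  # atomic swap
    return missing

if __name__ == "__main__":
    # Constructed sample input; the hashes are placeholders, not real crypt output.
    master = "alice:$6$saltsalt$PLACEHOLDER_A\nbob:$6$saltsalt$PLACEHOLDER_B\n"
    htgroup = "admins: alice\nstaff: alice bob carol\n"
    with tempfile.TemporaryDirectory() as d:
        print(split_by_group(master, htgroup, d), sorted(os.listdir(d)))
```

Point each protected nginx location's auth_basic_user_file at the matching generated file, and re-run the script whenever the master files change.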

References

user/groups howto (apache) http://blog.secaserver.com/2012/10/linux-add-user-group-htpasswd/
user/groups howto (nginx) https://stackoverflow.com/questions/11074766/nginx-group-http-auth