Htpasswd
htpasswd is a program that manages files with users/passwords, and permission groups. The format is very simple, and like the /etc/passwd
file, passwords are stored as salted password-hashes.
Documentation
official docs https://httpd.apache.org/docs/current/programs/htpasswd.html
Libraries
python htpasswd
Install
Archlinux
pacaur -S apache-tools # alternatively pip install htpasswd
Usage
basics
Add 'username' to /path/htpasswd (prompts for password)
htpasswd /path/htpasswd username # md5 htpasswd -B /path/htpasswd username # bcryptencryption types
You probably want to use a more secure hashing algorithm than the default (md5). The availability of hashing algorithms depends on the program reading the file.
nginx, for example uses the system's
crypt
library. On linux, you'll probably wantsha-512
, on BSDs you can usebcrypt
(better).If your program supports it, you can add other encryption types by hand to your
htpasswd
file. The simplest way to do this is installmkpasswd
(NOT mkpasswd.pl).generate a password hash
generate password hash from cli
# install mkpasswd apt-get install whois # debian pacaur -S mkpasswd # generate passwords mkpasswd -m help # list avail hash-types mkpasswd -m sha-512 -s 'your-salt' 'your-password' # generate sha-512 pw-hash # $6$ARMeJsD0oLy$GajBGvf3Mo7sEkBcCAAwS/9hMBQv8yy/nH3nhe2oR2hHuFI5/hoghgRHewVkto7WgKmEw3R29A2CXMT9cUuef0 # you can also generate passwords in python-3.3+ (see hash_type)generate password hash from python
See python crypt for details.
python3 -c 'import crypt; print(crypt.crypt("password"))'
add password for user# your htpasswd file username:$6$ARMeJsD0oLy$GajBGvf3Mo7sEkBcCAAwS/9hMBQv8yy/nH3nhe2oR2hHuFI5/hoghgRHewVkto7WgKmEw3R29A2CXMT9cUuef0
Examples
group authentication (nginx)
- create master .htpasswd file
- create master .htgroup file
- write a script that produces a separate .htpasswd file for each group. This file will be used for nginx.
htpasswd /my/htpasswd myseconduser
References
user/groups howto (apache) | http://blog.secaserver.com/2012/10/linux-add-user-group-htpasswd/ |
user/groups howto (nginx) | https://stackoverflow.com/questions/11074766/nginx-group-http-auth |