htpasswd
Create and update user authentication files
TLDR
Create/overwrite htpasswd file
Add user to htpasswd file or update existing user
Add user to htpasswd file in batch mode without an interactive password prompt (for script usage)
Delete user from htpasswd file
Verify user password
Display a string with username (plain text) and password (md5)
SYNOPSIS
htpasswd [ options ] passwordfile username
PARAMETERS
-c
Create a new password file. If the file already exists, it will be overwritten. Use with caution!
-n
Do not update the password file; instead, display the results on standard output.
-m
Force MD5 encryption of the password (default on some systems, but strongly discouraged due to security risks).
-d
Force CRYPT encryption of the password.
-s
Force SHA1 encryption of the password (discouraged).
-p
Do not encrypt passwords, use plaintext.
-B
Force bcrypt encryption of the password (recommended).
-r
Force APR MD5 encryption of the password.
-D
Delete username from the password file.
-v
Verbose mode.
-b
Use batch mode; read username and password from command line (less secure).
passwordfile
The path to the password file.
username
The username to add or modify.
password
The password for the user (only when using -b).
DESCRIPTION
The htpasswd command creates and updates the username/password authentication files used by Apache HTTP Server. These files store usernames and hashed passwords that Apache uses to authenticate users trying to access restricted areas of a website. htpasswd provides a simple and secure way to manage user credentials without storing them directly in the Apache configuration files.
It supports several password hashing algorithms, including bcrypt, SHA1, and MD5 (though MD5 is highly discouraged due to security vulnerabilities). It is crucial to choose a strong method and to update passwords regularly. When adding or modifying users, htpasswd keeps the authentication file properly formatted, which Apache needs in order to interpret the data correctly. The tool is essential for basic authentication schemes on web servers running Apache.
CAVEATS
Storing passwords as MD5 or SHA1 is highly discouraged due to security vulnerabilities. Always use bcrypt or a more secure algorithm. Be careful with the -b parameter as well, because the password can be seen on the command line.
EXAMPLES
Creating a new htpasswd file: htpasswd -c .htpasswd username
Adding a user to an existing file: htpasswd .htpasswd username
Deleting a user: htpasswd -D .htpasswd username
SECURITY CONSIDERATIONS
Always choose strong passwords and use bcrypt encryption for enhanced security. Protect the .htpasswd file by restricting access with appropriate file permissions to prevent unauthorized modifications.
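One way to check an existing file against the two recommendations above, as an added example that is not part of htpasswd or the original page: it classifies each entry by its hash prefix and flags loose file permissions. The function names, the sample entries (constructed placeholders, not real hashes) and the policy of also flagging world-readable files are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit an htpasswd file for weak hash schemes and loose permissions.

# Print "user scheme verdict" for each entry; exit status 1 if any entry is weak.
classify_htpasswd() {
    awk -F: '
        /^#/ || /^[ \t]*$/ { next }              # skip comments and blank lines
        {
            h = $2; p = substr(h, 1, 4)
            if (p == "$2y$" || p == "$2a$" || p == "$2b$") { s = "bcrypt"; v = "ok" }
            else if (substr(h, 1, 6) == "$apr1$") { s = "apr1-md5"; v = "weak" }
            else if (substr(h, 1, 5) == "{SHA}")  { s = "sha1"; v = "weak" }
            # 13 characters from the crypt alphabet: traditional crypt() output
            else if (length(h) == 13 && h ~ "^[./0-9A-Za-z]+$") { s = "crypt"; v = "weak" }
            else { s = "plaintext-or-unknown"; v = "weak" }
            if (v == "weak") bad = 1
            print $1, s, v
        }
        END { exit bad + 0 }
    ' "$1"
}

# True if the file is group/other-writable or world-readable (this example's policy).
perms_loose() {
    [ -n "$(find "$1" \( -perm -020 -o -perm -002 -o -perm -004 \) -print)" ]
}

# Run both checks; returns 1 if there is any finding.
audit_htpasswd() {
    rc=0
    classify_htpasswd "$1" || rc=1
    if perms_loose "$1"; then
        echo "PERMS $1 is group/other-writable or world-readable"
        rc=1
    fi
    return $rc
}

# Constructed sample entries: the hash strings are placeholders, not real hashes.
sample=$(mktemp)
cat > "$sample" <<'EOF'
alice:$2y$05$CONSTRUCTEDxPLACEHOLDERxNOTxAxREALxBCRYPTxHASHx000000
bob:$apr1$CONSTRUC$PLACEHOLDERxNOTxREAL00
carol:{SHA}CONSTRUCTEDPLACEHOLDER00000=
dave:CONSTRUCTED01
EOF
chmod 644 "$sample"
audit_htpasswd "$sample" || echo "audit: findings in $sample"
rm -f "$sample"
```

Entries reported as weak can be re-created with -B; a 13-character plaintext password would be reported as crypt, which is weak either way.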
SEE ALSO
apache2(8)