How to create a htpasswd file with encrypted password?

htpasswd is used to create and update the flat-files used to store usernames and passwords for basic authentication of HTTP users. Resources available from the Apache HTTP server can be restricted to just the users listed in the files created by htpasswd. This program can only manage usernames and passwords stored in a flat-file.

To restrict access to certain HTTP resources, we need to create two files: .htaccess and .htpasswd (or equivalent per httpd.conf setting). The .htaccess file looks something like:

-- [.htaccess] file content begins --

AuthUserFile /location/of/.htpasswd
AuthName "Enter Password?"
AuthGroupFile /dev/null
AuthType Basic
require valid-user

-- [.htaccess] content ends --

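Line 1 [AuthUserFile]: Location of the .htpasswd file.
Line 2 [AuthName]: Title of the authentication message box that pops up.
Line 3 [AuthGroupFile]: Location of the group file, used to grant access to groups of user names; /dev/null means no group file is used.
Line 4 [AuthType]: The authentication type. Basic is the simplest; it sends the password unencrypted (only Base64-encoded) with every request, so serve the resource over HTTPS.
Line 5 [require valid-user]: Any user listed in the .htpasswd file who supplies the correct password can access the restricted resource.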

The .htpasswd file can be generated using the htpasswd command as shown below. The path must be the same one given to AuthUserFile in the .htaccess file.

% htpasswd -c -m /location/of/.htpasswd {username}
New password: ******
Re-type new password: ******
Adding password for user {username}

The command takes the following forms:

htpasswd [ -c ] [ -m ] [ -D ] passwdfile username

htpasswd -b [ -c ] [ -m | -d | -p | -s ] [ -D ] passwdfile username password

htpasswd -n [ -m | -d | -s | -p ] username

htpasswd -nb [ -m | -d | -s | -p ] username password

Options and arguments:

-b: Use batch mode; i.e., get the password from the command line rather than prompting for it. This option should be used with extreme care, since the password is clearly visible on the command line.

-c: Create the passwdfile. If passwdfile already exists, it is rewritten and truncated. This option cannot be combined with the -n option.

-n: Display the results on standard output rather than updating a file. This is useful for generating password records acceptable to Apache for inclusion in non-text data stores. This option changes the syntax of the command line, since the passwdfile argument (usually the first one) is omitted. It cannot be combined with the -c option.

-m: Use MD5 encryption for passwords. On Windows, Netware and TPF, this is the default.

-d: Use crypt() encryption for passwords. The default on all platforms but Windows, Netware and TPF. Though possibly supported by htpasswd on all platforms, it is not supported by the httpd server on Windows, Netware and TPF.

-s: Use SHA encryption for passwords. Facilitates migration from/to Netscape servers using the LDAP Directory Interchange Format (ldif).

-p: Use plaintext passwords. Though htpasswd will support creation on all platforms, the httpd daemon will only accept plain text passwords on Windows, Netware and TPF.

-D: Delete user. If the username exists in the specified htpasswd file, it will be deleted.

passwdfile: Name of the file to contain the user name and password. If -c is given, this file is created if it does not already exist, or rewritten and truncated if it does exist.

username: The username to create or update in passwdfile. If username does not exist in this file, an entry is added. If it does exist, the password is changed.

password: The plaintext password to be encrypted and stored in the file. Only used with the -b flag.
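
The storage options described above (-m, -d, -s, -p) each leave a recognisably different record in the password file. The following added example (not from the original page or the Apache project) audits a constructed file: it guesses the option behind each record and groups users whose unsalted -s records are identical, which means they share a password. The function names and sample entries are assumptions made for illustration.

```python
import base64
import hashlib
import re
from collections import defaultdict

# Constructed sample; user names and stored values are made up for illustration.
SAMPLE = """\
alice:$apr1$EXAMPLEs$0123456789abcdefghijkl
bob:{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
carol:abCDEFGHIJKLM
dave:hunter2
erin:{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
"""

def classify(stored):
    """Guess which htpasswd option produced a stored password field."""
    if stored.startswith("$apr1$"):
        return "-m"   # Apache MD5 variant: salted and iterated
    if stored.startswith("{SHA}"):
        return "-s"   # base64(SHA-1(password)), no salt
    if re.fullmatch(r"[./0-9A-Za-z]{13}", stored):
        return "-d"   # traditional crypt(): 2 salt chars + 11 hash chars
    return "-p"       # heuristic: anything else is treated as plaintext

def sha_record(password):
    """Rebuild the value -s stores, showing that it carries no salt."""
    digest = hashlib.sha1(password.encode()).digest()
    return "{SHA}" + base64.b64encode(digest).decode()

def audit(text):
    """Return (option per user, groups of users whose -s records are identical)."""
    schemes, by_record = {}, defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue  # skip blank, comment and malformed lines
        user, stored = line.split(":", 1)
        schemes[user] = classify(stored)
        if schemes[user] == "-s":
            by_record[stored].append(user)
    shared = [users for users in by_record.values() if len(users) > 1]
    return schemes, shared

if __name__ == "__main__":
    schemes, shared = audit(SAMPLE)
    for user, scheme in schemes.items():
        print(f"{user}: {scheme}{'' if scheme == '-m' else '  <- review'}")
    print("same password (unsalted -s):", shared)
```

Records classified as -d, -s or -p are the ones to regenerate with -m: crypt() uses only the first eight characters of the password, the -s record is an unsalted digest, and -p stores the password itself.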

See the Apache Manual for details.
To generate an encrypted htpasswd entry online, please visit Generate Password.


