.htpasswd is a flat-file used to store usernames and password for basic authentication of Apache HTTP Server. The name of the file is given by in the .htaccess configuration, and can be anything, but ".htpasswd" is the canonical name. The file name starts with a dot, because most Unix-like operating systems consider any file that begins with dot to be hidden. This file is often maintained with the shell command "htpasswd" which can add, delete, and update users, and will properly encode the password for use (so that it is easily checked, but not reversed back to the original password).
The file consists of rows, each row corresponds to a pair of username and hashed password separated with the colon in between. The hash is typically "UNIX crypt" style with MD5 or SHA1 as common alternatives.
Resources available from the Apache HTTP server can be restricted to just the users listed in the files created by htpasswd. (ref:: wikipedia)
The file consists of rows, each row corresponds to a pair of username and hashed password separated with the colon in between. The hash is typically "UNIX crypt" style with MD5 or SHA1 as common alternatives.
Resources available from the Apache HTTP server can be restricted to just the users listed in the files created by htpasswd. (ref:: wikipedia)
Create a new htpasswd file
Following command will create a new file and stores a record in it for username "jerry". The user is prompted for the password. If the file exists and cannot be read or cannot be over-written, it is not altered and htpasswd will display an error message.
# htpasswd -c /home/pwww/.htpasswd jerryChange or update htpasswd
To modifies the password for username "jerry", enter:
# htpasswd /home/pwww/.htpasswd jerry
The user is prompted for the password.
.htaccess (hypertext access) file is a directory-level configuration file supported by several web servers, that allows for decentralized management of web server configuration. The original purpose of .htaccess - reflected in its name - was to allow per-directory access control, by for example requiring a password to access the content. (ref:: wikipedia)
Inside the folder ment to be kept secure place this .htaccess file with the following codes in it.
The AuthUserFile is the path where the .htpasswd file is placed for .htaccess to use for authentication.
Note: the ".htpasswd" can aslo be named as "filename.htpasswd" for easy identification.
Example: "softwaretools.htpasswd" for us to easily identify that the password stored inside is for the folder where software tools are stored.
Add another user to htpasswd
To modifies the password for username "tom", enter:
The user is prompted for the password.# htpasswd /home/pwww/.htpasswd tom.htaccess (hypertext access) file is a directory-level configuration file supported by several web servers, that allows for decentralized management of web server configuration. The original purpose of .htaccess - reflected in its name - was to allow per-directory access control, by for example requiring a password to access the content. (ref:: wikipedia)
Inside the folder ment to be kept secure place this .htaccess file with the following codes in it.
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /etc/apache2/.htpasswd
Require valid-userThe AuthUserFile is the path where the .htpasswd file is placed for .htaccess to use for authentication.
Note: the ".htpasswd" can aslo be named as "filename.htpasswd" for easy identification.
Example: "softwaretools.htpasswd" for us to easily identify that the password stored inside is for the folder where software tools are stored.
No comments:
Post a Comment