.htpasswd is a flat-file used to store usernames and password for basic authentication on an Apache HTTP Server. The name of the file is given in the .htaccess configuration, and can be anything although ".htpasswd" is the canonical name. The file name starts with a dot, because most Unix-like operating systems consider any file that begins with dot to be hidden. The "htpasswd" command is used to create and manage ".htpasswd" file. With it, you can securely add, remove, and modify user entries, all while ensuring the passwords are securely encoded (easy to verify but hard to reverse to its original form).[1]
The file consists of rows, each row corresponding to a username, followed by a colon, followed by a string containing the hashed password optionally prepended by an algorithm specifier ("$2y$", "$apr1$" or "{SHA}") and/or salt. The hash historically used "UNIX crypt" style with MD5 or SHA1 as common alternatives, although as of version 2.2.18 a variant of MD5 is now the default.[2]
Athelstan:RLjXiyxx56D9s Mama:RLMzFazUFPVRE Papa:RL8wKTlBoVLKk
Resources available from the Apache HTTP Server can be restricted to just the users listed in the files created by htpasswd. The .htpasswd file can be used to protect the entire directory it is placed in, as well as particular files.
See also
- Apache HTTP Server
- Configuration file
- HTTP+HTML form-based authentication
References
- ↑ David, Jackson (July 30, 2023). "Mastering Htpasswd Command in Linux". Linux TLDR.
- ↑ "htpasswd - Manage user files for basic authentication". Retrieved 2013-11-30.
External links
- Apache: htpasswd - Manage user files for basic authentication
- htpasswd script in python (no need to install apache utils) - source code in Python
- JavaScript-based online Htpassword generator