htpasswd 中文man页面-.htpasswd

NAME(名称)

htpasswd - 创建和更新用户认证文件

SYNOPSIS(总览)

htpasswd [ -c ] [ -m | -d | -s | -p ] passwdfile username
htpasswd -b [ -c ] [ -m | -d | -s | -p ] passwdfile username password

DESCRIPTION(描述)

htpasswd 用来创建和更新保存着 HTTP用户基本认证的用户和密码的平面文件. 如果 htpasswd 不能访问文件,那么就不可能写入到输出文件, 也不可能读取文件以更新它, 它会返回错误状态并不作任何修改.

从 httpd Apache web服务器获取的资源只限于由 htpasswd 创建的文件中所列出的用户使用. 该程序只能用于用户名保存在平面文件的情况下. 要使用DBM数据库,请参看 dbmmanage.

htpasswd 的加密密码既可以使用针对Apache修改的MD5版本, 也可以使用系统的crypt()程序. 由 htpasswd 管理的文件可能同时包含两种类型的密码; 一些用户记录可使用MD5加密的密码, 而另一些用户记录可在同一文件中使用通过 crypt()加密的密码.

该手册页只列出了命令行的参数. 要获得关于在 httpd 中配置用户认证的必要指令的详细情况, 可参看Apache手册,它是Apache发布版本的一部分,你也可以在 <URL:http://www.apache.org/>上找到它.

OPTIONS(选项)

-b: 使用批处理模式;也即,从命令行上获取密码而不给出提示.该选项在使用时应特别小心, 因为密码是在命令行上清楚可见的.
-c: 创建passwdfile.如果passwdfile 已经存在,那么它会重新写入并删去原有内容.
-m: 密码使用Apache修改的MD5算法. 使用这种算法加密的密码可以移植到运行Apache 1.3.9或更新版本的任何平台上(Windows,Unix,BeOS,等等). 在Windows和TPF上,该标识是默认的.
-d: 密码使用crypt()加密.这是除了Windows和TPF 之外的所有平台上的默认值.尽管这可被所有平台上的 htpasswd 支持,却不被Windows和TPF上的 httpd 服务器所支持.
-s: 密码使用SHA加密方法.这种方式移植于Netscape服务器, 使用的是LDAP目录交换格式(ldif).
-p: 使用普通文本格式的密码.尽管 htpasswd 可支持在所有平台上创建这种格式的密码, 却只有Windows和TPF上的 httpd 守护程序能够接受普通文本密码.
passwdfile: 包含用户名和密码的文件的名字. 如果给定了-c,那么会在其不存在的情况下创建该文件, 或者在其存在的情况下重新写入并删去原有内容.
username: 在passwdfile中创建或更新的用户名. 如果username在文件中不存在, 即创建一条记录. 如果已经存在,则修改其密码.
password: 文件中加密和存储的普通文本格式的密码. 只用于-b标识.

EXIT STATUS(退出状态)

如果在passwdfile中用户名和密码添加或更新成功, htpasswd 返回0状态("true"). 如果在存取文件时遇到某些问题 htpasswd 返回1, 如果在命令行中有语法错误, htpasswd 返回2, 如果交互式输入的密码与其验证项不匹配, htpasswd 返回3, 如果操作被中断, htpasswd 返回4, 如果某个值(用户名,文件名,密码或最终计算出的记录)太长, htpasswd 返回5, 如果用户名包含无效的字符(参看RESTRICTIONS部分), htpasswd 返回6.

EXAMPLES(示例)

htpasswd /usr/local/etc/apache/.htpasswd-users jsmith

: 为用户jsmith添加或修改密码. 会给出用户输入密码的提示. 如果在Windows系统上执行, 密码会使用修改的Apache MD5算法加密; 否则,会使用系统的 crypt()程序. 如果文件不存在, htpasswd 会不作任何修改并返回一条错误提示.

htpasswd -c /home/doe/public_html/.htpasswd jane

: 创建一个新的文件并将用户jane记录保存在其中. 会给出用户输入密码的提示. 如果文件存在但不能够读取,或者不能够写入, 那么它不会作修改,而且 htpasswd 会显示一条消息并返回一个错误状态.

htpasswd -mb /usr/web/.htpasswd-all jones Pwd4Steve

: 使用MD5算法加密取自命令行的密码, 并将其保存到指定的文件中.

SECURITY CONSIDERATIONS(安全考虑)

Web密码文件如由 htpasswd 管理的这些应该不在Web服务器的URI空间范围之内 -- 也就是说, 浏览器不应该能够获取他们.

建议不要使用-b选项,因为使用该选项时未加密的密码出现在了命令行上.

RESTRICTIONS(限制)

在Windows和MPE平台上,使用 htpasswd 加密的密码的长度限制在255个字符以内. 超出此长度的密码会取前255个字符.

使用的MD5算法是Apache软件特有的; 使用它加密的密码对于其他Web服务器来说是不可用的.

用户名限制在255个字节以内,而且不能包含字符':'. q.SH SEE ALSO(另见) httpd(8) 以及随发布版本所带的support/SHA1下的脚本.

#p#

NAME

htpasswd - Manage user files for basic authentication

SYNOPSIS

htpasswd [ -c ] [ -m ] [ -D ] passwdfile username

htpasswd -b [ -c ] [ -m | -d | -p | -s ] [ -D ] passwdfile username password

htpasswd -n [ -m | -d | -s | -p ] username

htpasswd -nb [ -m | -d | -s | -p ] username password

SUMMARY

htpasswd is used to create and update the flat-files used to store usernames and password for basic authentication of HTTP users. If htpasswd cannot access a file, such as not being able to write to the output file or not being able to read the file in order to update it, it returns an error status and makes no changes.

Resources available from the Apache HTTP server can be restricted to just the users listed in the files created by htpasswd. This program can only manage usernames and passwords stored in a flat-file. It can encrypt and display password information for use in other types of data stores, though. To use a DBM database see dbmmanage.

htpasswd encrypts passwords using either a version of MD5 modified for Apache, or the system's crypt() routine. Files managed by htpasswd may contain both types of passwords; some user records may have MD5-encrypted passwords while others in the same file may have passwords encrypted with crypt().

This manual page only lists the command line arguments. For details of the directives necessary to configure user authentication in httpd see the Apache manual, which is part of the Apache distribution or can be found at http://httpd.apache.org/.

OPTIONS

-b: Use batch mode; i.e., get the password from the command line rather than prompting for it. This option should be used with extreme care, since the password is clearly visible on the command line.
-c: Create the passwdfile. If passwdfile already exists, it is rewritten and truncated. This option cannot be combined with the -n option.
-n: Display the results on standard output rather than updating a file. This is useful for generating password records acceptable to Apache for inclusion in non-text data stores. This option changes the syntax of the command line, since the passwdfile argument (usually the first one) is omitted. It cannot be combined with the -c option.
-m: Use MD5 encryption for passwords. On Windows, Netware and TPF, this is the default.
-d: Use crypt() encryption for passwords. The default on all platforms but Windows, Netware and TPF. Though possibly supported by htpasswd on all platforms, it is not supported by the httpd server on Windows, Netware and TPF.
-s: Use SHA encryption for passwords. Facilitates migration from/to Netscape servers using the LDAP Directory Interchange Format (ldif).
-p: Use plaintext passwords. Though htpasswd will support creation on all platforms, the httpd daemon will only accept plain text passwords on Windows, Netware and TPF.
-D: Delete user. If the username exists in the specified htpasswd file, it will be deleted.
passwdfile: Name of the file to contain the user name and password. If -c is given, this file is created if it does not already exist, or rewritten and truncated if it does exist.
username: The username to create or update in passwdfile. If username does not exist in this file, an entry is added. If it does exist, the password is changed.
password: The plaintext password to be encrypted and stored in the file. Only used with the -b flag.

EXIT STATUS

htpasswd returns a zero status ("true") if the username and password have been successfully added or updated in the passwdfile. htpasswd returns 1 if it encounters some problem accessing files, 2 if there was a syntax problem with the command line, 3 if the password was entered interactively and the verification entry didn't match, 4 if its operation was interrupted, 5 if a value is too long (username, filename, password, or final computed record), 6 if the username contains illegal characters (see the Restrictions section), and 7 if the file is not a valid password file.

EXAMPLES

      htpasswd /usr/local/etc/apache/.htpasswd-users jsmith

Adds or modifies the password for user jsmith. The user is prompted for the password. If executed on a Windows system, the password will be encrypted using the modified Apache MD5 algorithm; otherwise, the system's crypt() routine will be used. If the file does not exist, htpasswd will do nothing except return an error.

      htpasswd -c /home/doe/public_html/.htpasswd jane

Creates a new file and stores a record in it for user jane. The user is prompted for the password. If the file exists and cannot be read, or cannot be written, it is not altered and htpasswd will display a message and return an error status.

      htpasswd -mb /usr/web/.htpasswd-all jones Pwd4Steve

Encrypts the password from the command line (Pwd4Steve) using the MD5 algorithm, and stores it in the specified file.

SECURITY CONSIDERATIONS

Web password files such as those managed by htpasswd should not be within the Web server's URI space -- that is, they should not be fetchable with a browser.

The use of the -b option is discouraged, since when it is used the unencrypted password appears on the command line.

RESTRICTIONS

On the Windows and MPE platforms, passwords encrypted with htpasswd are limited to no more than 255 characters in length. Longer passwords will be truncated to 255 characters.

The MD5 algorithm used by htpasswd is specific to the Apache software; passwords encrypted using it will not be usable with other Web servers.

Usernames are limited to 255 bytes and may not include the character :.