Apache | Access Permissions | Creating a Password File (htpasswd)

Tags:

• Apache
• Web

Create the password file referenced during user authentication and add a new user to it.

Command for creating a password file

The file referenced during user authentication is the password file. User names and passwords are registered as pairs. The password file is actually a text file, but it is created with htpasswd.exe, which is provided by Apache.

htpasswd.exe is included in (Apache installation directory)\Apache24\bin.

C:\apache\Apache24\bin>dir
 C 드라이브의 볼륨에는 이름이 없습니다.
 볼륨 일련 번호: XXXX-XXXX

 C:\apache\Apache24\bin 디렉터리

2019-11-26  오후 10:39    <DIR>          .
2019-11-26  오후 10:39    <DIR>          ..
2019-08-09  오후 11:47            97,280 ab.exe
2019-08-09  오후 11:47           109,056 abs.exe
2019-08-09  오후 11:47            41,984 ApacheMonitor.exe
2019-08-09  오후 11:47            18,432 apr_crypto_openssl-1.dll
2019-08-09  오후 11:47            31,232 apr_dbd_odbc-1.dll
2019-08-09  오후 11:47            14,848 apr_ldap-1.dll
2019-08-09  오후 11:50             9,192 dbmmanage.pl
2019-08-09  오후 11:47           100,352 htcacheclean.exe
2019-08-09  오후 11:47           123,392 htdbm.exe
2019-08-09  오후 11:47            84,992 htdigest.exe
2019-08-09  오후 11:47           117,760 htpasswd.exe <<<<<<<<<<<<<<<<<<<<<<< 여기 있다.
2019-08-09  오후 11:50            29,696 httpd.exe
2019-08-09  오후 11:47            65,024 httxt2dbm.exe

... omitted ...

2019-04-05  오후 07:30            86,016 zlib1.dll
              30개 파일           9,142,248 바이트
               3개 디렉터리  453,122,154,496 바이트 남음

C:\apache\Apache24\bin>

On Windows, run it from Command Prompt. The execution format is as follows.

htpasswd option password-file user-name

Specify the password file to create and the user name to add. To create a new password file, specify the -c option. To add a user to an existing password file, do not specify any option.

When creating a new password file:

htpasswd -c "C:\apache\passwd\passfile" devkuma

When adding a user:

htpasswd "C:\apache\passwd\passfile" kimkc

Creating a new password file

Now create a new password file. First open Command Prompt, move to (Apache installation directory)\Apache24\bin, and run htpasswd -c "C:\apache\passwd\passfile" devkuma.

Before running the command, the directory for the file to be created must already exist. If the directory does not exist, an error occurs as follows.

C:\apache\Apache24\bin>htpasswd -c "C:\apache\passwd\passfile" devkuma
htpasswd: cannot create file C:\apache\passwd\passfile

If the command runs without problems, a password prompt is displayed as follows.

C:\apache\Apache24\bin>htpasswd -c "C:\apache\passwd\passfile" devkuma
New password: 

Enter the new password for the user to add. Then a password prompt is displayed again for confirmation.

C:\apache\Apache24\bin>htpasswd -c "C:\apache\passwd\passfile" devkuma
New password: ****
Re-type new password: 

Enter the same password again.

C:\apache\Apache24\bin>htpasswd -c "C:\apache\passwd\passfile" devkuma
New password: ****
Re-type new password: ****
Adding password for user devkuma

C:\apache\Apache24\bin>

If the confirmation is entered correctly, the new password file is created and one account is added.

Adding a user

To add a user to an existing password file, run the command without -c. Be careful, because using -c creates a new password file and removes the existing registered user information.

C:\apache\Apache24\bin>htpasswd "C:\apache\passwd\passfile" kimkc
New password: ****
Re-type new password: ****
Adding password for user kimkc

C:\apache\Apache24\bin>

The way to enter the command is the same as when creating a new password file.

Checking the password file

Now check the contents of the created password file. It is a text file, so it can be opened with a text editor.

devkuma:$apr1$H.4gZ1un$LTl9FvfcbxRrRKfqZ4Txy0
kimkc:$apr1$/P6swipC$60iAhelYy/0i6bVbhPHy5/

Two accounts, devkuma and kimkc, have been created. The passwords are encrypted, so their contents cannot be read.

Deleting a user

You can delete a user by deleting the corresponding line from the password file, but you can also delete a user with the -D option. The execution format is as follows.

htpasswd -D password-file user-name

Now delete the kimkc account.

htpasswd -D "C:\apache\passwd\passfile" kimkc

C:\apache\Apache24\bin>htpasswd -D "C:\apache\passwd\passfile" kimkc
Deleting password for user kimkc

C:\apache\Apache24\bin>

kimkc has been deleted. Open the password file to confirm.

devkuma:$apr1$H.4gZ1un$LTl9FvfcbxRrRKfqZ4Txy0

You can confirm that the kimkc line has been removed.

The password file is now ready. The next page explains how to run authentication.