<!-- $LastChangedRevision$ -->
<!--
- Copyright 2003-2005 The Apache Software Foundation or its licensors, as
- applicable.
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
one) is omitted. It cannot be combined with the <code>-c</code> option.</dd>
<dt><code>-m</code></dt>
- <dd>Use MD5 encryption for passwords. On Windows, Netware and TPF, this is
- the default.</dd>
+ <dd>Use MD5 encryption for passwords. This is the default.</dd>
<dt><code>-d</code></dt>
- <dd>Use <code>crypt()</code> encryption for passwords. The default on all
- platforms but Windows, Netware and TPF. Though possibly supported by
- <code>htpasswd</code> on all platforms, it is not supported by the
- <program>httpd</program> server on Windows, Netware and TPF.</dd>
+ <dd>Use <code>crypt()</code> encryption for passwords. This is not
+ supported by the <program>httpd</program> server on Windows and
+ Netware.</dd>
<dt><code>-s</code></dt>
<dd>Use SHA encryption for passwords. Facilitates migration from/to Netscape
<dt><code>-p</code></dt>
<dd>Use plaintext passwords. Though <code>htpasswd</code> will support
creation on all platforms, the <program>httpd</program> daemon will
- only accept plain text passwords on Windows, Netware and TPF.</dd>
+ only accept plain text passwords on Windows and Netware.</dd>
<dt><code>-D</code></dt>
<dd>Delete user. If the username exists in the specified htpasswd file, it
</example>
<p>Adds or modifies the password for user <code>jsmith</code>. The user
- is prompted for the password. If executed on a Windows system, the password
- will be encrypted using the modified Apache MD5 algorithm; otherwise, the
- system's <code>crypt()</code> routine will be used. If the file does not
- exist, <code>htpasswd</code> will do nothing except return an error.</p>
+ is prompted for the password. The password will be encrypted using the
+ modified Apache MD5 algorithm. If the file does not exist,
+ <code>htpasswd</code> will do nothing except return an error.</p>
<example>
htpasswd -c /home/doe/public_html/.htpasswd jane
will display a message and return an error status.</p>
<example>
- htpasswd -mb /usr/web/.htpasswd-all jones Pwd4Steve
+ htpasswd -db /usr/web/.htpasswd-all jones Pwd4Steve
</example>
<p>Encrypts the password from the command line (<code>Pwd4Steve</code>)
- using the MD5 algorithm, and stores it in the specified file.</p>
+ using the <code>crypt()</code> algorithm, and stores it in the specified
+ file.</p>
</section>
<section id="security"><title>Security Considerations</title>
<em>not</em> be within the Web server's URI space -- that is, they should
not be fetchable with a browser.</p>
+ <p>This program is not safe as a setuid executable. Do <em>not</em> make it
+ setuid.</p>
+
<p>The use of the <code>-b</code> option is discouraged, since when it is
used the unencrypted password appears on the command line.</p>
</section>
<section id="restrictions"><title>Restrictions</title>
- <p>On the Windows and MPE platforms, passwords encrypted with
+ <p>On the Windows platform, passwords encrypted with
<code>htpasswd</code> are limited to no more than <code>255</code>
characters in length. Longer passwords will be truncated to 255
characters.</p>