指令描述
htpasswd 是 apache2-utils 中用于管理生成基本身份验证(Basic Authentication)用户名密码文本文件的工具。
指令使用简介
注意事项
htpasswd: only one of -c -n -v -D may be specified
创建
方式一
$ sudo htpasswd -cbB mypasswordfile myusername mypasswd
Adding password for user myusername
- 创建一个新的文件:-c
- 直接使用命令行中的账号密码:-b
- 强制加密密码:-B
- 文件名:mypasswordfile
- 账号:myusername
- 密码:mypasswd
方式二
$ sudo htpasswd -cB mypasswordfile myusername
New password:
Re-type new password:
Adding password for user myusername
- 创建一个新的文件:-c
- 强制加密密码:-B
- 文件名:mypasswordfile
- 账号:myusername
界面上会提示输入两次密码,输入后即可添加完成。
追加
$ sudo htpasswd -bB mypasswordfile myusername2 mypasswd2
Adding password for user myusername2
- 直接使用命令行中的账号密码:-b
- 强制加密密码:-B
- 文件名:mypasswordfile
- 账号:myusername
- 密码:mypasswd
注意:追加一个新账户和创建的区别在于去掉 -c 新建文件的选项即可。
删除
$ sudo htpasswd -D mypasswordfile myusername
Deleting password for user myusername
- 删除指定账户:-D
- 文件名:mypasswordfile
- 账户名:myusername
帮助文档
Usage:
htpasswd [-cimBdpsDv] [-C cost] passwordfile username
htpasswd -b[cmBdpsDv] [-C cost] passwordfile username password
htpasswd -n[imBdps] [-C cost] username
htpasswd -nb[mBdps] [-C cost] username password
-c Create a new file.
-n Don't update file; display results on stdout.
-b Use the password from the command line rather than prompting for it.
-i Read password from stdin without verification (for script usage).
-m Force MD5 encryption of the password (default).
-B Force bcrypt encryption of the password (very secure).
-C Set the computing time used for the bcrypt algorithm
(higher is more secure but slower, default: 5, valid: 4 to 17).
-d Force CRYPT encryption of the password (8 chars max, insecure).
-s Force SHA encryption of the password (insecure).
-p Do not encrypt the password (plaintext, insecure).
-D Delete the specified user.
-v Verify password for the specified user.
On other systems than Windows and NetWare the '-p' flag will probably not work.
The SHA algorithm does not use a salt and is less secure than the MD5 algorithm.