The htpasswd command-line utility is used to create or update password files that store users and their corresponding hashed passwords.
Primarily used for authentication files in the Apache HTTP server to protect users access to certain directories or applications on a web server.
However, you can also use it in other scenarios where you require a user and hashed password (in βuser:passwordhashβ format) in your applications or config files.
Tutorial Details
| Description | Htpasswd |
| Difficulty Level | Low |
| Root or Sudo Privileges | No |
| OS Compatibility | Ubuntu, Manjaro, Fedora, etc. |
| Prerequisites | β |
| Internet Required | Yes |
How to Install Htpasswd on Linux
To install βhtpasswdβ on Linux, you need to install the Apache HTTP Server package, which includes the βhtpasswdβ utility.
The steps to install βhtpasswdβ vary depending on the Linux distribution you are using. Here are the commands for some popular Linux distributions:
$ sudo apt install apache2-utils -y #On Debian and Ubuntu
$ sudo dnf install httpd-tools -y #On Red Hat and Fedora
$ sudo pacman -S apache -y #On Arch and Manjaro
$ sudo zypper install apache2-utils #On openSUSESyntax of the Htpasswd Command
The htpasswd command takes three arguments: one is the option, the other is the path of the password file, and the third is the username.
$ htpasswd [OPTIONS] PASSWORD-FILE USERNAMEWhereas,
- β
optionsβ: These are the optional options that modify the behavior of this command. - β
password-fileβ: The path to the password file or the file to be created/updated. - β
usernameβ: The username for which the password will be set or updated.
Now, letβs look at a few usages of this command with practical examples.
Create a New Password File
To create a new password file, use the β-cβ flag followed by your desired path. If the specified path already has a file with the same name, it will be overwritten. Be sure to provide the username for which you want to set a password in the password file.
linuxtldrβ). By default, it uses the MD5 encryption algorithm for password hashing.$ htpasswd -c ~/password-file linuxtldr
$ cat ~/password-fileOutput:
Add or Update a User in the Password File
To modify the existing password file, like updating the password for the existing user or adding a new user, simply use the htpasswd command with the path to the password file and username without any flags.
Adding a new user (ex: βjakeβ) in the existing password file:
$ htpasswd ~/password-file jake
$ cat ~/password-fileOutput:
Updating the password for an existing user (ex: βlinuxtldrβ) in the password file:
$ htpasswd ~/password-file linuxtldr
$ cat ~/password-fileOutput:
Remove a User from the Password File
To remove an existing user from the password file, use the β-Dβ flag followed by the password file path and the username (ex: βjakeβ).
$ htpasswd -D ~/password-file jake
$ cat ~/password-fileOutput:
Generate the Userβs Password Hash Without Creating a New File
To generate a password hash for the user without creating any password files, you can use the β-nβ flag followed by the username (ex: βlinuxtldrβ).
$ htpasswd -n linuxtldrOutput:
Generate the Userβs Password Hash without Prompting
In all previous examples, whenever you wanted to create a password file for your desired user, the password was asked in the prompt after pressing the βenterβ button.
This behavior can be changed by using the β-bβ flag, which allows htpasswd to use the password from the command line rather than prompting for it.
$ htpasswd -nb linuxtldr passwordOutput:
Generate the Userβs Password Hash with your Desired Encryption
By default, MD5 encryption is used to generate passwords for users. However, you can use other encryption algorithms by specifying their corresponding flags, as mentioned below:
| Options | Encryption Algorithm | Remark |
|---|---|---|
-m | MD5 Encryption | Default |
-B | Bcrypt Encryption | Very Secure |
-d | CRYPT Encryption | Insecure |
-s | SHA Encryption | Insecure |
-p | Plain Text | Insecure |
The following is the usage of all the above mentioned encryption algorithms using their flags in addition to the β-nβ flag (to avoid creating a password file) and the β-bβ flag (to take passwords from the command line) for the referenced user (ex: βlinuxtldrβ).
$ htpasswd -nbm linuxtldr password #MD5 Encryption
$ htpasswd -nbB linuxtldr password #Bcrypt Encryption
$ htpasswd -nbd linuxtldr password #CRYPT Encryption
$ htpasswd -nbs linuxtldr password #SHA Encryption
$ htpasswd -nbp linuxtldr password #Plain TextOutput:
Verify the Userβs Password Hash in the Password File
You can use the β-vβ flag to check if the specified password matches the stored hash for the given username in the password file.
$ htpasswd -v ~/password-file linuxtldrOutput:
How to Remove Htpasswd in Linux
To remove βhtpasswdβ from your Linux system, simply uninstall the package using the same name as you used during installation.
Choose one of the following commands based on your Linux system:
$ sudo apt remove apache2-utils -y #On Debian and Ubuntu
$ sudo dnf remove httpd-tools -y #On Red Hat and Fedora
$ sudo pacman -R apache -y #On Arch and Manjaro
$ sudo zypper remove apache2-utils #On openSUSEFinal Word
I hope you find this tool amazing and that this article has helped you in all possible ways. If you have anything to ask or find something questionable, then feel free to tell us in the comment section.
Till then, peace!
Excellent information. Since this tool is to be used by applications like Apache, could we integrate this file with the users or groups from the system itself (Linux). This way, we will follow security best practices and have a central user repository. Thanks