When you are using HTTP digest authentication, you need to specify the list of users who can access the secured page. Use the htdigest command as explained in this article to manipulate the password file that is used by Apache HTTPD digest authentication.
htdigest command syntax: htdigest [-c] passwordfile realm username
1. Create a new Apache Password file (and add a new user)
The following command will create a new password file called httpd-pwd-file, and add the “ramesh” user to the file. “sysadmin” is the name of the realm specified in this example. You can use any value for a realm that matches your environment.
This command will also ask you to enter the password for the user “ramesh”.
    # htdigest -c httpd-pwd-file sysadmin ramesh
    Adding password for ramesh in realm sysadmin.
    New password:
    Re-type new password:
Warning: Use the -c flag only when you want to create a new password file. If you give -c by mistake and the password file already exists, it will be deleted, i.e. it will overwrite all the user entries that are already present in the password file.
2. Apache Password File Format
The password file created by the htdigest command is a text file, which you can view. The contents of the file will be in the following format:
    user-name:realm-name:encrypted-password
For example, if you do a cat on the file that we created above, you’ll see something like the following:
    # cat httpd-pwd-file
    ramesh:sysadmin:1b2c1be8667731e7289
3. Add (i.e. Append) Another User to Apache Password File
If you already have users defined in an existing Apache password file, you can add new users as shown below.
The following example will add user “john” to the existing httpd-pwd-file in the “dba” realm.
    # htdigest httpd-pwd-file dba john
    Adding user john in realm dba
    New password:
    Re-type new password:
Now if you view the password file you’ll see both ramesh and john as shown below.
    # cat httpd-pwd-file
    ramesh:sysadmin:1b2c1be8667731e7289
    john:dba:aef90cec4e38be591b5293c
4. Change Password of a User in Apache Password File
To change the password of an existing user in the password file, run the same command you used to create the user, but enter a new password.
The following command will change the password for the user ramesh in the password file. Please note that if “ramesh” doesn’t exist, the command will create it.
    # htdigest httpd-pwd-file sysadmin ramesh
    Changing password for user ramesh in realm sysadmin
    New password:
    Re-type new password:
5. Adding a User to Multiple Realms in Password File
If you want to add the same user to multiple realms, you just need to add the user to each realm separately. This is similar to adding a user to a new realm.
The following example will add user “john” to the existing httpd-pwd-file in the “sysadmin” realm.
    # htdigest httpd-pwd-file sysadmin john
    Adding user john in realm sysadmin
    New password:
    Re-type new password:
Now, if you view the password file, you’ll see two entries for John, as he belongs to different realms. Please note that the password for john on these two realms could be different, depending on what you entered as password while adding the user to that particular realm.
    # cat httpd-pwd-file
    ramesh:sysadmin:1b2c1be8667731e7289
    john:dba:aef90cec4e38be591b5293c
    john:sysadmin:04672b3524ca0029340aef90
6. Delete a User from the Apache Password File
To delete a user from the Apache password file, you can simply open the Apache password file in vi and delete that user's line from the password file.