• Computing Resources
  • News
  • New Users
  • Policies
  • Sesfs File Server
  • Web Server
    • Personal Setup
    • Limiting Access
    • Email Form
    • Other Resources
  • Computer Labs
  • CEES Computational Clusters
  • Get Help
  • Net Connections
  • Your Macintosh
  • Your Windows PC
  • Your Unix/Linux System
  • Other School Resources
  • Using Unix

Making web accounts with command-line htpasswd program

Last revision July 10, 2009

Access Control Table of Contents: Introduction By SUNet ID By Computer By Local Password By Computer and Password By Computer or Password

Personal "web accounts" can be used to restrict access to web pages on pangea, as described in the page on limit access by requiring a password. That page describes the use of the Htpasswd Generator web site to create the encrypted password entries for the .htpasswd file.

You can also create the .htpasswd file directly with the encrypted entries using the command-line htpasswd program that is installed as part of the Apache web server system. Mac OS X includes this program (run from a Terminal shell window), as do many Linux distributions. If you are comfortable using command line programs on those platforms, you may find it easier to generate and update your .htpasswd file using the instructions here.

The htpasswd program can encrypt the passwords for your web accounts using several methods. The most portable is MD5 encryption, which you invoke with the -m option. That option is used in all the examples here.

The htpasswd program will create your .htpasswd file in the current working directory. You can either mount the appropriate file share from the sesfs.stanford.edu file server on your computer and work directly in the folder that you want to restrict, or you can run the command in some other folder (perhaps local to your computer), and then copy the resulting .htpasswd file to the correct location on the file server.

To make the first entry in the file, you use the -c option and give the first account username as an argument, in this format:

htpasswd -m -c .htpasswd username

The htpasswd program then prompts you to enter a password for the web account you are making for the user specified by the username argument. Since the password will not show as you type it, you will be prompted to enter it twice to catch typing errors.

This password will be encrypted and the file .htpasswd will be created with one line that looks something like this:

guest:$apr1$K.Gg.AkW$b8nRm2oSEmMP.v7GxRwUW/

This is the example for a web account with username "guest" and password "testit".

You can add another account to the file by running the htpasswd program again. This time, omit the -c option, for example,

htpasswd -m .htpasswd george

Reply to the prompts for the password for the "george" account. Now the .htpasswd file could have two lines that look something like:

guest:$apr1$K.Gg.AkW$b8nRm2oSEmMP.v7GxRwUW/
george:$apr1$78dZm8nb$GxlSnBN8Qo6rDTd5chH4q0

Just keep going with the htpasswd command to add more user names and passwords.

The same command can be run again at a later time to change the password for an existing user. If you want to remove a username and password, simply edit your .htpasswd file and delete the line containing that username.