Is there a way, from the command line, to check a user and password against a file created by htpasswd, the tool provided by Apache?
htpasswd encrypts passwords using either bcrypt, a version of MD5 modified for Apache, SHA1, or the system's crypt() routine.
Use the htpasswd generator to create passwords for htpasswd files. Just enter a username and password and an entry for an htpasswd file is generated. You can use the htaccess Authentication generator to create an htaccess file that will password protect your site or a directory.
htpasswd actually yields a screen for your user name and password, so it is secure. If the combination of the user name and password isn't valid, Apache will return an HTTP 403: Forbidden header, which means the request is never passed to PHP.
You can use the htpasswd tool for this.
# create htpasswd_file with user:password
$ htpasswd -cb htpasswd_file user password
Adding password for user user

# verify password for user
$ htpasswd -vb htpasswd_file user wrongpassword
password verification failed

$ htpasswd -vb htpasswd_file user password
Password for user user correct.
Exit status is 0 for success, 3 for failure.
Assuming you create the password using the following command and "myPassword" as the password:
htpasswd -c /usr/local/apache/passwd/passwords username
This will create a file that looks like:
username:$apr1$sr15veBe$cwxJZHTVLHBkZKUoTHV.k.
The $apr1$ is the hashing method, sr15veBe is the salt, and the last string is the hashed password. You can validate it using openssl using
openssl passwd -apr1 -salt sr15veBe myPassword
which will output
$apr1$sr15veBe$cwxJZHTVLHBkZKUoTHV.k.
A pipeline which you could use would be:
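username="something"
passwords=/usr/local/apache/passwd/passwords
htpasswd -c "$passwords" "$username"
# (htpasswd prompts: Enter password)

# take the salt from this user's entry only, not from every line in the file
salt=$(grep "^$username:" "$passwords" | cut -d'$' -f3)
password=$(openssl passwd -apr1 -salt "$salt")
# (openssl prompts: Enter password)

# -F matches a fixed string (the hash contains '$' and '.'), -x matches the whole line
if grep -qxF "$username:$password" "$passwords"
then
  echo "password is valid"
else
  echo "password is invalid"
fi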
You may need to change your openssl command, as Apache's htpasswd command crypts slightly differently on each system.
For more information, visit Apache's page on the topic at http://httpd.apache.org/docs/2.2/misc/password_encryptions.html
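An added example, not part of the original answers: a POSIX shell function that performs the openssl-based check above for a single user, reading the password from stdin so it does not appear in the process list the way it does with `htpasswd -b`, and reporting entries that are not `$apr1$` (bcrypt, SHA1, crypt) instead of mis-comparing them. The function name `htpasswd_check`, its exit codes and the demo file are assumptions of this example.

```shell
#!/bin/sh
# htpasswd_check FILE USER   (password is read from stdin)
# Exit codes (chosen for this example):
#   0 match, 1 mismatch, 2 user not in file, 3 entry is not an $apr1$ hash
htpasswd_check() {
    hc_file=$1
    hc_user=$2
    # Read one line from stdin; accept a final line without a trailing newline.
    IFS= read -r hc_pw || [ -n "$hc_pw" ] || return 1
    # Exact match on the user field, so "ali" does not match "alice".
    hc_entry=$(awk -F: -v u="$hc_user" \
        '$1 == u { print substr($0, length(u) + 2); exit }' "$hc_file")
    [ -n "$hc_entry" ] || return 2
    case $hc_entry in
        '$apr1$'*) ;;        # $apr1$<salt>$<hash>
        *) return 3 ;;       # openssl passwd -apr1 cannot reproduce other schemes
    esac
    hc_salt=$(printf '%s' "$hc_entry" | cut -d'$' -f3)
    # -stdin keeps the password off openssl's command line as well.
    hc_calc=$(printf '%s\n' "$hc_pw" | openssl passwd -apr1 -salt "$hc_salt" -stdin) || return 3
    # Plain string comparison: no regex, so '$' and '.' in the hash are literal.
    [ "$hc_calc" = "$hc_entry" ]
}

# Constructed demo: build a one-entry file, then try a right and a wrong password.
demo_file=$(mktemp)
printf 'username:%s\n' "$(openssl passwd -apr1 -salt sr15veBe myPassword)" > "$demo_file"
for try in myPassword wrongpassword; do
    rc=0
    printf '%s\n' "$try" | htpasswd_check "$demo_file" username || rc=$?
    echo "$try -> exit $rc"
done
rm -f "$demo_file"
```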