htpasswd 命令

常用示例

说明

htpasswd manages user authentication files for Apache HTTP Server's basic authentication. It creates and updates flat-file databases containing usernames and encrypted passwords used with .htaccess or Apache configuration directives. The password file format is simple: one line per user with username:encrypted_password. Apache's mod_auth_basic reads this file to authenticate requests. The file should be stored outside the web root and have restrictive permissions. Password encryption defaults to MD5-based algorithm (prefixed with $apr1$). The -B flag enables bcrypt, which is more resistant to brute-force attacks and recommended for new installations. The cost factor (-C) controls bcrypt's computational intensity. For non-interactive use in scripts, -b allows specifying the password on the command line, though this exposes the password in process lists. The -i flag reads from stdin, which is safer for scripting. The tool is often used with Nginx as well, since Nginx can read Apache-format password files for basic authentication.

参数

-c

Create a new file (overwrites existing).

-n

Display results on stdout, don't update file.

-b

Use password from command line (batch mode, insecure).

-i

Read password from stdin without verification.

-m

Use MD5 encryption (default on most systems).

-B

Use bcrypt encryption (most secure).

-C _cost_

Set bcrypt cost (4-17, default 5, higher = slower).

-d

Use crypt() encryption (insecure, limited to 8 chars).

-s

Use SHA encryption (insecure).

-p

Use plaintext (insecure, for testing only).

-D

Delete the specified user.

-v

Verify password for user.