Posted to cvs@httpd.apache.org by rj...@apache.org on 2012/12/12 15:15:56 UTC
svn commit: r1420690 [9/9] - in /httpd/httpd/trunk/docs: man/ manual/
manual/howto/ manual/misc/ manual/mod/ manual/programs/
Modified: httpd/httpd/trunk/docs/manual/programs/dbmmanage.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/programs/dbmmanage.html.en?rev=1420690&r1=1420689&r2=1420690&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/programs/dbmmanage.html.en (original)
+++ httpd/httpd/trunk/docs/manual/programs/dbmmanage.html.en Wed Dec 12 14:15:38 2012
@@ -34,6 +34,9 @@
program can only be used when the usernames are stored in a DBM file. To
use a flat-file database see <code class="program"><a href="../programs/htpasswd.html">htpasswd</a></code>.</p>
+ <p>Another tool to maintain a DBM password database is
+ <code class="program"><a href="../programs/htdbm.html">htdbm</a></code>.</p>
+
<p>This manual page only lists the command line arguments. For details of
the directives necessary to configure user authentication in
<code class="program"><a href="../programs/httpd.html">httpd</a></code> see the httpd manual, which is part of
@@ -42,7 +45,7 @@
<div id="quickview"><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#synopsis">Synopsis</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#options">Options</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#bugs">Bugs</a></li>
-</ul><h3>See also</h3><ul class="seealso"><li><code class="program"><a href="../programs/httpd.html">httpd</a></code></li><li><code class="module"><a href="../mod/mod_authn_dbm.html">mod_authn_dbm</a></code></li><li><code class="module"><a href="../mod/mod_authz_dbm.html">mod_authz_dbm</a></code></li></ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+</ul><h3>See also</h3><ul class="seealso"><li><code class="program"><a href="../programs/httpd.html">httpd</a></code></li><li><code class="program"><a href="../programs/htdbm.html">htdbm</a></code></li><li><code class="module"><a href="../mod/mod_authn_dbm.html">mod_authn_dbm</a></code></li><li><code class="module"><a href="../mod/mod_authz_dbm.html">mod_authz_dbm</a></code></li></ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="synopsis" id="synopsis">Synopsis</a></h2>
Modified: httpd/httpd/trunk/docs/manual/programs/htdbm.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/programs/htdbm.html.en?rev=1420690&r1=1420689&r2=1420690&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/programs/htdbm.html.en (original)
+++ httpd/httpd/trunk/docs/manual/programs/htdbm.html.en Wed Dec 12 14:15:38 2012
@@ -43,33 +43,40 @@
<h2><a name="synopsis" id="synopsis">Synopsis</a></h2>
<p><code><strong>htdbm</strong>
[ -<strong>T</strong><var>DBTYPE</var> ]
+ [ -<strong>i</strong> ]
[ -<strong>c</strong> ]
[ -<strong>m</strong> |
+ -<strong>B</strong> |
-<strong>d</strong> |
- -<strong>p</strong> |
- -<strong>s</strong> ]
+ -<strong>s</strong> |
+ -<strong>p</strong> ]
+ [ -<strong>C</strong> <var>cost</var> ]
[ -<strong>t</strong> ]
[ -<strong>v</strong> ]
- [ -<strong>x</strong> ]
<var>filename</var> <var>username</var></code></p>
<p><code><strong>htdbm</strong> -<strong>b</strong>
[ -<strong>T</strong><var>DBTYPE</var> ]
[ -<strong>c</strong> ]
[ -<strong>m</strong> |
+ -<strong>B</strong> |
-<strong>d</strong> |
- -<strong>p</strong> |
- -<strong>s</strong> ]
+ -<strong>s</strong> |
+ -<strong>p</strong> ]
+ [ -<strong>C</strong> <var>cost</var> ]
[ -<strong>t</strong> ]
[ -<strong>v</strong> ]
<var>filename</var> <var>username</var> <var>password</var></code></p>
<p><code><strong>htdbm</strong> -<strong>n</strong>
+ [ -<strong>i</strong> ]
[ -<strong>c</strong> ]
[ -<strong>m</strong> |
+ -<strong>B</strong> |
-<strong>d</strong> |
- -<strong>p</strong> |
- -<strong>s</strong> ]
+ -<strong>s</strong> |
+ -<strong>p</strong> ]
+ [ -<strong>C</strong> <var>cost</var> ]
[ -<strong>t</strong> ]
[ -<strong>v</strong> ]
<var>username</var></code></p>
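Review bot: [ -C cost ] is added to each synopsis form as a free-standing optional argument after the algorithm group, but the option text added later in this commit says the flag "is only allowed in combination with -B". Consider nesting it under -B in the synopsis, for example "-B [ -C cost ]", so the usage line does not suggest that a combination such as -m -C 10 is accepted.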
@@ -77,20 +84,25 @@
<p><code><strong>htdbm</strong> -<strong>nb</strong>
[ -<strong>c</strong> ]
[ -<strong>m</strong> |
+ -<strong>B</strong> |
-<strong>d</strong> |
- -<strong>p</strong> |
- -<strong>s</strong> ]
+ -<strong>s</strong> |
+ -<strong>p</strong> ]
+ [ -<strong>C</strong> <var>cost</var> ]
[ -<strong>t</strong> ]
[ -<strong>v</strong> ]
<var>username</var> <var>password</var></code></p>
<p><code><strong>htdbm</strong> -<strong>v</strong>
[ -<strong>T</strong><var>DBTYPE</var> ]
+ [ -<strong>i</strong> ]
[ -<strong>c</strong> ]
[ -<strong>m</strong> |
+ -<strong>B</strong> |
-<strong>d</strong> |
- -<strong>p</strong> |
- -<strong>s</strong> ]
+ -<strong>s</strong> |
+ -<strong>p</strong> ]
+ [ -<strong>C</strong> <var>cost</var> ]
[ -<strong>t</strong> ]
[ -<strong>v</strong> ]
<var>filename</var> <var>username</var></code></p>
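Review bot: The -v form keeps the algorithm group (-m | -B | -d | -s | -p) and now also gains [ -C cost ], while the next hunk removes that same group from the -x form. If verification only compares the supplied password against whatever is already stored for the user, these flags have no effect here either and should be dropped from this form as well; if they do influence -v, the -v option description should say how.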
@@ -99,19 +111,17 @@
[ -<strong>T</strong><var>DBTYPE</var> ]
[ -<strong>c</strong> ]
[ -<strong>m</strong> |
+ -<strong>B</strong> |
-<strong>d</strong> |
- -<strong>p</strong> |
- -<strong>s</strong> ]
+ -<strong>s</strong> |
+ -<strong>p</strong> ]
+ [ -<strong>C</strong> <var>cost</var> ]
[ -<strong>t</strong> ]
[ -<strong>v</strong> ]
<var>filename</var> <var>username</var> <var>password</var></code></p>
<p><code><strong>htdbm</strong> -<strong>x</strong>
[ -<strong>T</strong><var>DBTYPE</var> ]
- [ -<strong>m</strong> |
- -<strong>d</strong> |
- -<strong>p</strong> |
- -<strong>s</strong> ]
<var>filename</var> <var>username</var></code></p>
<p><code><strong>htdbm</strong> -<strong>l</strong>
@@ -125,7 +135,10 @@
<dd>Use batch mode; <em>i.e.</em>, get the password from the command line
rather than prompting for it. This option should be used with extreme care,
since <strong>the password is clearly visible</strong> on the command
- line.</dd>
+ line. For script use see the <code>-i</code> option.</dd>
+
+ <dt><code>-i</code></dt>
+ <dd>Read the password from stdin without verification (for script usage).</dd>
<dt><code>-c</code></dt>
<dd>Create the <var>passwdfile</var>. If <var>passwdfile</var> already
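Review bot: "without verification" in the new -i entry is ambiguous, because the same page documents -v as "Verify the username and password" and a reader can take the phrase to mean that some check on the password is skipped. If the intent is that the password is read once and not requested a second time for confirmation, say so directly, for example "Read the password from stdin without asking for it a second time (for script usage)".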
@@ -142,15 +155,26 @@
<dd>Use MD5 encryption for passwords. On Windows and Netware, this is
the default.</dd>
+ <dt><code>-B</code></dt>
+ <dd>Use bcrypt encryption for passwords. This is currently considered to
+ be very secure.</dd>
+
+ <dt><code>-C</code></dt>
+ <dd>This flag is only allowed in combination with <code>-B</code> (bcrypt
+ encryption). It sets the computing time used for the bcrypt algorithm
+ (higher is more secure but slower, default: 5, valid: 4 to 31).</dd>
+
<dt><code>-d</code></dt>
<dd>Use <code>crypt()</code> encryption for passwords. The default on all
platforms but Windows and Netware. Though possibly supported by
<code>htdbm</code> on all platforms, it is not supported by the
- <code class="program"><a href="../programs/httpd.html">httpd</a></code> server on Windows and Netware.</dd>
+ <code class="program"><a href="../programs/httpd.html">httpd</a></code> server on Windows and Netware.
+ This algorithm is <strong>insecure</strong> by today's standards.</dd>
<dt><code>-s</code></dt>
<dd>Use SHA encryption for passwords. Facilitates migration from/to Netscape
- servers using the LDAP Directory Interchange Format (ldif).</dd>
+ servers using the LDAP Directory Interchange Format (ldif).
+ This algorithm is <strong>insecure</strong> by today's standards.</dd>
<dt><code>-p</code></dt>
<dd>Use plaintext passwords. Though <code>htdbm</code> will support
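Review bot: The -d entry now says in one paragraph that crypt() is "The default on all platforms but Windows and Netware" and that it is "insecure by today's standards", without telling the reader what to use instead. Add a pointer to -B in the -d and -s entries, so that someone who runs htdbm without an algorithm flag on those platforms knows the default is the weak format and that bcrypt has to be selected explicitly.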
@@ -161,12 +185,6 @@
<dd>Print each of the usernames and comments from the database on
stdout.</dd>
- <dt><code>-t</code></dt>
- <dd>Interpret the final parameter as a comment. When this option is
- specified, an additional string can be appended to the command line; this
- string will be stored in the "Comment" field of the database, associated
- with the specified username.</dd>
-
<dt><code>-v</code></dt>
<dd>Verify the username and password. The program will print a message
indicating whether the supplied password is valid. If the password is
@@ -176,6 +194,12 @@
<dd>Delete user. If the username exists in the specified DBM file, it
will be deleted.</dd>
+ <dt><code>-t</code></dt>
+ <dd>Interpret the final parameter as a comment. When this option is
+ specified, an additional string can be appended to the command line; this
+ string will be stored in the "Comment" field of the database, associated
+ with the specified username.</dd>
+
<dt><code><var>filename</var></code></dt>
<dd>The filename of the DBM format file. Usually without the extension
<code>.db</code>, <code>.pag</code>, or <code>.dir</code>. If
@@ -262,6 +286,18 @@
<p>The use of the <code>-b</code> option is discouraged, since when it is
used the unencrypted password appears on the command line.</p>
+
+ <p>When using the <code>crypt()</code> algorithm, note that only the first
+ 8 characters of the password are used to form the password. If the supplied
+ password is longer, the extra characters will be silently discarded.</p>
+
+ <p>The SHA encryption format does not use salting: for a given password,
+ there is only one encrypted representation. The <code>crypt()</code> and
+ MD5 formats permute the representation by prepending a random salt string,
+ to make dictionary attacks against the passwords more difficult.</p>
+
+ <p>The SHA and <code>crypt()</code> formats are insecure by today's
+ standards.</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="restrictions" id="restrictions">Restrictions</a></h2>
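Review bot: The salting paragraph names only crypt() and MD5 as salted formats and leaves out bcrypt, which this commit introduces as -B. bcrypt hashes are salted too, so the list should include it; otherwise a reader comparing formats from this paragraph alone may conclude the opposite. The crypt() paragraph would also read better without using "password" for both input and result ("only the first 8 characters of the password are used to form the password"), and the closing sentence on SHA and crypt() could name -B as the alternative.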
Modified: httpd/httpd/trunk/docs/manual/programs/htpasswd.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/programs/htpasswd.html.en?rev=1420690&r1=1420689&r2=1420690&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/programs/htpasswd.html.en (original)
+++ httpd/httpd/trunk/docs/manual/programs/htpasswd.html.en Wed Dec 12 14:15:38 2012
@@ -36,13 +36,16 @@
just the users listed in the files created by <code>htpasswd</code>. This
program can only manage usernames and passwords stored in a flat-file. It
can encrypt and display password information for use in other types of data
- stores, though. To use a DBM database see <code class="program"><a href="../programs/dbmmanage.html">dbmmanage</a></code>.</p>
+ stores, though. To use a DBM database see <code class="program"><a href="../programs/dbmmanage.html">dbmmanage</a></code> or
+ <code class="program"><a href="../programs/htdbm.html">htdbm</a></code>.</p>
- <p><code>htpasswd</code> encrypts passwords using either a version of MD5
- modified for Apache, or the system's <code>crypt()</code> routine. Files
- managed by <code>htpasswd</code> may contain both types of passwords; some
- user records may have MD5-encrypted passwords while others in the same file
- may have passwords encrypted with <code>crypt()</code>.</p>
+ <p><code>htpasswd</code> encrypts passwords using either bcrypt,
+ a version of MD5 modified for Apache, SHA1, or the system's
+ <code>crypt()</code> routine. Files
+ managed by <code>htpasswd</code> may contain a mixture of different encoding
+ types of passwords; some
+ user records may have bcrypt or MD5-encrypted passwords while others in the
+ same file may have passwords encrypted with <code>crypt()</code>.</p>
<p>This manual page only lists the command line arguments. For details of
the directives necessary to configure user authentication in
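Review bot: "either" in the rewritten paragraph now introduces four alternatives (bcrypt, Apache MD5, SHA1, crypt()), and "a mixture of different encoding types of passwords" is hard to read; "may contain a mixture of password formats" says the same thing. The example that follows names bcrypt, MD5 and crypt() but omits SHA1, and the format is called "SHA1" here while the option text elsewhere in this commit calls it "SHA"; one name should be used throughout.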
@@ -55,36 +58,50 @@
<li><img alt="" src="../images/down.gif" /> <a href="#examples">Examples</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#security">Security Considerations</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#restrictions">Restrictions</a></li>
-</ul><h3>See also</h3><ul class="seealso"><li><code class="program"><a href="../programs/httpd.html">httpd</a></code></li><li>The scripts in support/SHA1 which come with the
+</ul><h3>See also</h3><ul class="seealso"><li><code class="program"><a href="../programs/httpd.html">httpd</a></code></li><li><code class="program"><a href="../programs/htdbm.html">htdbm</a></code></li><li>The scripts in support/SHA1 which come with the
distribution.</li></ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="synopsis" id="synopsis">Synopsis</a></h2>
<p><code><strong>htpasswd</strong>
[ -<strong>c</strong> ]
- [ -<strong>m</strong> ]
- [ -<strong>D</strong> ] <var>passwdfile</var> <var>username</var></code></p>
+ [ -<strong>i</strong> ]
+ [ -<strong>m</strong> |
+ -<strong>B</strong> |
+ -<strong>d</strong> |
+ -<strong>s</strong> |
+ -<strong>p</strong> ]
+ [ -<strong>C</strong> <var>cost</var> ]
+ [ -<strong>D</strong> ] <var>passwdfile</var> <var>username</var></code></p>
<p><code><strong>htpasswd</strong> -<strong>b</strong>
[ -<strong>c</strong> ]
[ -<strong>m</strong> |
+ -<strong>B</strong> |
-<strong>d</strong> |
- -<strong>p</strong> |
- -<strong>s</strong> ]
+ -<strong>s</strong> |
+ -<strong>p</strong> ]
+ [ -<strong>C</strong> <var>cost</var> ]
[ -<strong>D</strong> ] <var>passwdfile</var> <var>username</var>
<var>password</var></code></p>
<p><code><strong>htpasswd</strong> -<strong>n</strong>
+ [ -<strong>i</strong> ]
[ -<strong>m</strong> |
+ -<strong>B</strong> |
-<strong>d</strong> |
-<strong>s</strong> |
- -<strong>p</strong> ] <var>username</var></code></p>
+ -<strong>p</strong> ]
+ [ -<strong>C</strong> <var>cost</var> ] <var>username</var></code></p>
<p><code><strong>htpasswd</strong> -<strong>nb</strong>
[ -<strong>m</strong> |
+ -<strong>B</strong> |
-<strong>d</strong> |
-<strong>s</strong> |
- -<strong>p</strong> ] <var>username</var> <var>password</var></code></p>
+ -<strong>p</strong> ]
+ [ -<strong>C</strong> <var>cost</var> ] <var>username</var>
+ <var>password</var></code></p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="options" id="options">Options</a></h2>
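Review bot: The See also list gains an entry for htdbm but still has none for dbmmanage, although the introduction changed in the previous hunk sends readers to "dbmmanage or htdbm" for DBM databases. Add dbmmanage to the list so both tools are linked from the same place.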
@@ -93,7 +110,10 @@ distribution.</li></ul><ul class="seeals
<dd>Use batch mode; <em>i.e.</em>, get the password from the command line
rather than prompting for it. This option should be used with extreme care,
since <strong>the password is clearly visible</strong> on the command
- line.</dd>
+ line. For script use see the <code>-i</code> option.</dd>
+
+ <dt><code>-i</code></dt>
+ <dd>Read the password from stdin without verification (for script usage).</dd>
<dt><code>-c</code></dt>
<dd>Create the <var>passwdfile</var>. If <var>passwdfile</var> already
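Review bot: The new -i entry does not say how it relates to -b. The synopsis in this commit lists [ -i ] only on the forms without -b, so the entry should state that the two are alternatives rather than leave the reader to infer it from the usage lines. Since -b is the option that exposes the password on the command line, the -b entry's new sentence "For script use see the -i option" could also say outright that -i is the preferred way to supply a password from a script.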
@@ -110,6 +130,15 @@ distribution.</li></ul><ul class="seeals
<dt><code>-m</code></dt>
<dd>Use MD5 encryption for passwords. This is the default.</dd>
+ <dt><code>-B</code></dt>
+ <dd>Use bcrypt encryption for passwords. This is currently considered to
+ be very secure.</dd>
+
+ <dt><code>-C</code></dt>
+ <dd>This flag is only allowed in combination with <code>-B</code> (bcrypt
+ encryption). It sets the computing time used for the bcrypt algorithm
+ (higher is more secure but slower, default: 5, valid: 4 to 31).</dd>
+
<dt><code>-d</code></dt>
<dd>Use <code>crypt()</code> encryption for passwords. This is not
supported by the <code class="program"><a href="../programs/httpd.html">httpd</a></code> server on Windows and
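Review bot: The -C entry gives a range ("default: 5, valid: 4 to 31") but describes the value only as "computing time", which does not tell an administrator what the number measures or how to choose one. bcrypt's cost is an exponent, so each increment doubles the work per hash, both when the entry is created and when a password is checked against it; the entry should say that. Separately, -m is still documented as "This is the default" directly above -B being "very secure", so a sentence recommending -B for new entries would help.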