1<?xml version="1.0" encoding="ISO-8859-1"?> 2<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> 3<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!-- 4 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 5 This file is generated from xml source: DO NOT EDIT 6 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 7 --> 8<title>htdbm - Manipulate DBM password databases - Apache HTTP Server</title> 9<link href="/style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> 10<link href="/style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> 11<link href="/style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="/style/css/prettify.css" /> 12<script src="/style/scripts/prettify.min.js" type="text/javascript"> 13</script> 14 15<link href="/images/favicon.ico" rel="shortcut icon" /></head> 16<body id="manual-page"><div id="page-header"> 17<p class="menu"><a href="/mod/">Modules</a> | <a href="/mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="/glossary.html">Glossary</a> | <a href="/sitemap.html">Sitemap</a></p> 18<p class="apache">Apache HTTP Server Version 2.4</p> 19<img alt="" src="/images/feather.gif" /></div> 20<div class="up"><a href="./"><img title="<-" alt="<-" src="/images/left.gif" /></a></div> 21<div id="path"> 22<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.4</a> > <a href="./">Programs</a></div><div id="page-content"><div id="preamble"><h1>htdbm - Manipulate DBM password databases</h1> 23<div class="toplang"> 24<p><span>Available Languages: </span><a href="/en/programs/htdbm.html" title="English"> en </a> | 25<a href="/fr/programs/htdbm.html" hreflang="fr" rel="alternate" title="Fran�ais"> fr </a> | 26<a href="/tr/programs/htdbm.html" hreflang="tr" rel="alternate" title="T�rk�e"> tr </a></p> 27</div> 28 29 <p><code>htdbm</code> is used to manipulate the DBM format files used to 30 store usernames and password for basic authentication of HTTP users via 31 <code class="module"><a href="/mod/mod_authn_dbm.html">mod_authn_dbm</a></code>. See the <code class="program"><a href="/programs/dbmmanage.html">dbmmanage</a></code> 32 documentation for more information about these DBM files.</p> 33</div> 34<div id="quickview"><ul id="toc"><li><img alt="" src="/images/down.gif" /> <a href="#synopsis">Synopsis</a></li> 35<li><img alt="" src="/images/down.gif" /> <a href="#options">Options</a></li> 36<li><img alt="" src="/images/down.gif" /> <a href="#bugs">Bugs</a></li> 37<li><img alt="" src="/images/down.gif" /> <a href="#exit">Exit Status</a></li> 38<li><img alt="" src="/images/down.gif" /> <a href="#examples">Examples</a></li> 39<li><img alt="" src="/images/down.gif" /> <a href="#security">Security Considerations</a></li> 40<li><img alt="" src="/images/down.gif" /> <a href="#restrictions">Restrictions</a></li> 41</ul><h3>See also</h3><ul class="seealso"><li><code class="program"><a href="/programs/httpd.html">httpd</a></code></li><li><code class="program"><a href="/programs/dbmmanage.html">dbmmanage</a></code></li><li><code class="module"><a href="/mod/mod_authn_dbm.html">mod_authn_dbm</a></code></li></ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div> 42<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div> 43<div class="section"> 44<h2><a name="synopsis" id="synopsis">Synopsis</a></h2> 45 <p><code><strong>htdbm</strong> 46 [ -<strong>T</strong><var>DBTYPE</var> ] 47 [ -<strong>i</strong> ] 48 [ -<strong>c</strong> ] 49 [ -<strong>m</strong> | 50 -<strong>B</strong> | 51 -<strong>d</strong> | 52 -<strong>s</strong> | 53 -<strong>p</strong> ] 54 [ -<strong>C</strong> <var>cost</var> ] 55 [ -<strong>t</strong> ] 56 [ -<strong>v</strong> ] 57 <var>filename</var> <var>username</var></code></p> 58 59 <p><code><strong>htdbm</strong> -<strong>b</strong> 60 [ -<strong>T</strong><var>DBTYPE</var> ] 61 [ -<strong>c</strong> ] 62 [ -<strong>m</strong> | 63 -<strong>B</strong> | 64 -<strong>d</strong> | 65 -<strong>s</strong> | 66 -<strong>p</strong> ] 67 [ -<strong>C</strong> <var>cost</var> ] 68 [ -<strong>t</strong> ] 69 [ -<strong>v</strong> ] 70 <var>filename</var> <var>username</var> <var>password</var></code></p> 71 72 <p><code><strong>htdbm</strong> -<strong>n</strong> 73 [ -<strong>i</strong> ] 74 [ -<strong>c</strong> ] 75 [ -<strong>m</strong> | 76 -<strong>B</strong> | 77 -<strong>d</strong> | 78 -<strong>s</strong> | 79 -<strong>p</strong> ] 80 [ -<strong>C</strong> <var>cost</var> ] 81 [ -<strong>t</strong> ] 82 [ -<strong>v</strong> ] 83 <var>username</var></code></p> 84 85 <p><code><strong>htdbm</strong> -<strong>nb</strong> 86 [ -<strong>c</strong> ] 87 [ -<strong>m</strong> | 88 -<strong>B</strong> | 89 -<strong>d</strong> | 90 -<strong>s</strong> | 91 -<strong>p</strong> ] 92 [ -<strong>C</strong> <var>cost</var> ] 93 [ -<strong>t</strong> ] 94 [ -<strong>v</strong> ] 95 <var>username</var> <var>password</var></code></p> 96 97 <p><code><strong>htdbm</strong> -<strong>v</strong> 98 [ -<strong>T</strong><var>DBTYPE</var> ] 99 [ -<strong>i</strong> ] 100 [ -<strong>c</strong> ] 101 [ -<strong>m</strong> | 102 -<strong>B</strong> | 103 -<strong>d</strong> | 104 -<strong>s</strong> | 105 -<strong>p</strong> ] 106 [ -<strong>C</strong> <var>cost</var> ] 107 [ -<strong>t</strong> ] 108 [ -<strong>v</strong> ] 109 <var>filename</var> <var>username</var></code></p> 110 111 <p><code><strong>htdbm</strong> -<strong>vb</strong> 112 [ -<strong>T</strong><var>DBTYPE</var> ] 113 [ -<strong>c</strong> ] 114 [ -<strong>m</strong> | 115 -<strong>B</strong> | 116 -<strong>d</strong> | 117 -<strong>s</strong> | 118 -<strong>p</strong> ] 119 [ -<strong>C</strong> <var>cost</var> ] 120 [ -<strong>t</strong> ] 121 [ -<strong>v</strong> ] 122 <var>filename</var> <var>username</var> <var>password</var></code></p> 123 124 <p><code><strong>htdbm</strong> -<strong>x</strong> 125 [ -<strong>T</strong><var>DBTYPE</var> ] 126 <var>filename</var> <var>username</var></code></p> 127 128 <p><code><strong>htdbm</strong> -<strong>l</strong> 129 [ -<strong>T</strong><var>DBTYPE</var> ] 130 </code></p> 131</div><div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div> 132<div class="section"> 133<h2><a name="options" id="options">Options</a></h2> 134 <dl> 135 <dt><code>-b</code></dt> 136 <dd>Use batch mode; <em>i.e.</em>, get the password from the command line 137 rather than prompting for it. This option should be used with extreme care, 138 since <strong>the password is clearly visible</strong> on the command 139 line. For script use see the <code>-i</code> option.</dd> 140 141 <dt><code>-i</code></dt> 142 <dd>Read the password from stdin without verification (for script usage).</dd> 143 144 <dt><code>-c</code></dt> 145 <dd>Create the <var>passwdfile</var>. If <var>passwdfile</var> already 146 exists, it is rewritten and truncated. This option cannot be combined with 147 the <code>-n</code> option.</dd> 148 149 <dt><code>-n</code></dt> 150 <dd>Display the results on standard output rather than updating a 151 database. This option changes the syntax of the command line, since the 152 <var>passwdfile</var> argument (usually the first one) is omitted. It 153 cannot be combined with the <code>-c</code> option.</dd> 154 155 <dt><code>-m</code></dt> 156 <dd>Use MD5 encryption for passwords. On Windows and Netware, this is 157 the default.</dd> 158 159 <dt><code>-B</code></dt> 160 <dd>Use bcrypt encryption for passwords. This is currently considered to 161 be very secure.</dd> 162 163 <dt><code>-C</code></dt> 164 <dd>This flag is only allowed in combination with <code>-B</code> (bcrypt 165 encryption). It sets the computing time used for the bcrypt algorithm 166 (higher is more secure but slower, default: 5, valid: 4 to 31).</dd> 167 168 <dt><code>-d</code></dt> 169 <dd>Use <code>crypt()</code> encryption for passwords. The default on all 170 platforms but Windows and Netware. Though possibly supported by 171 <code>htdbm</code> on all platforms, it is not supported by the 172 <code class="program"><a href="/programs/httpd.html">httpd</a></code> server on Windows and Netware. 173 This algorithm is <strong>insecure</strong> by today's standards.</dd> 174 175 <dt><code>-s</code></dt> 176 <dd>Use SHA encryption for passwords. Facilitates migration from/to Netscape 177 servers using the LDAP Directory Interchange Format (ldif). 178 This algorithm is <strong>insecure</strong> by today's standards.</dd> 179 180 <dt><code>-p</code></dt> 181 <dd>Use plaintext passwords. Though <code>htdbm</code> will support 182 creation on all platforms, the <code class="program"><a href="/programs/httpd.html">httpd</a></code> daemon will 183 only accept plain text passwords on Windows and Netware.</dd> 184 185 <dt><code>-l</code></dt> 186 <dd>Print each of the usernames and comments from the database on 187 stdout.</dd> 188 189 <dt><code>-v</code></dt> 190 <dd>Verify the username and password. The program will print a message 191 indicating whether the supplied password is valid. If the password is 192 invalid, the program exits with error code 3.</dd> 193 194 <dt><code>-x</code></dt> 195 <dd>Delete user. If the username exists in the specified DBM file, it 196 will be deleted.</dd> 197 198 <dt><code>-t</code></dt> 199 <dd>Interpret the final parameter as a comment. When this option is 200 specified, an additional string can be appended to the command line; this 201 string will be stored in the "Comment" field of the database, associated 202 with the specified username.</dd> 203 204 <dt><code><var>filename</var></code></dt> 205 <dd>The filename of the DBM format file. Usually without the extension 206 <code>.db</code>, <code>.pag</code>, or <code>.dir</code>. If 207 <code>-c</code> is given, the DBM file is created if it does not already 208 exist, or updated if it does exist.</dd> 209 210 <dt><code><var>username</var></code></dt> 211 <dd>The username to create or update in <var>passwdfile</var>. If 212 <var>username</var> does not exist in this file, an entry is added. If it 213 does exist, the password is changed.</dd> 214 215 <dt><code><var>password</var></code></dt> 216 <dd>The plaintext password to be encrypted and stored in the DBM file. 217 Used only with the <code>-b</code> flag.</dd> 218 219 <dt><code>-T<var>DBTYPE</var></code></dt> 220 <dd>Type of DBM file (SDBM, GDBM, DB, or "default").</dd> 221 </dl> 222</div><div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div> 223<div class="section"> 224<h2><a name="bugs" id="bugs">Bugs</a></h2> 225 <p>One should be aware that there are a number of different DBM file 226 formats in existence, and with all likelihood, libraries for more than 227 one format may exist on your system. The three primary examples are 228 SDBM, NDBM, GNU GDBM, and Berkeley/Sleepycat DB 2/3/4. Unfortunately, 229 all these libraries use different file formats, and you must make sure 230 that the file format used by <var>filename</var> is the same format that 231 <code>htdbm</code> expects to see. <code>htdbm</code> currently has 232 no way of determining what type of DBM file it is looking at. If used 233 against the wrong format, will simply return nothing, or may create a 234 different DBM file with a different name, or at worst, it may corrupt 235 the DBM file if you were attempting to write to it.</p> 236 237 <p>One can usually use the <code>file</code> program supplied with most 238 Unix systems to see what format a DBM file is in.</p> 239</div><div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div> 240<div class="section"> 241<h2><a name="exit" id="exit">Exit Status</a></h2> 242 <p><code>htdbm</code> returns a zero status ("true") if the username and 243 password have been successfully added or updated in the DBM File. 244 <code>htdbm</code> returns <code>1</code> if it encounters some problem 245 accessing files, <code>2</code> if there was a syntax problem with the 246 command line, <code>3</code> if the password was entered interactively and 247 the verification entry didn't match, <code>4</code> if its operation was 248 interrupted, <code>5</code> if a value is too long (username, filename, 249 password, or final computed record), <code>6</code> if the username 250 contains illegal characters (see the <a href="#restrictions">Restrictions 251 section</a>), and <code>7</code> if the file is not a valid DBM password 252 file.</p> 253</div><div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div> 254<div class="section"> 255<h2><a name="examples" id="examples">Examples</a></h2> 256 <div class="example"><p><code> 257 htdbm /usr/local/etc/apache/.htdbm-users jsmith 258 </code></p></div> 259 260 <p>Adds or modifies the password for user <code>jsmith</code>. The user 261 is prompted for the password. If executed on a Windows system, the password 262 will be encrypted using the modified Apache MD5 algorithm; otherwise, the 263 system's <code>crypt()</code> routine will be used. If the file does not 264 exist, <code>htdbm</code> will do nothing except return an error.</p> 265 266 <div class="example"><p><code> 267 htdbm -c /home/doe/public_html/.htdbm jane 268 </code></p></div> 269 270 <p>Creates a new file and stores a record in it for user <code>jane</code>. 271 The user is prompted for the password. If the file exists and cannot be 272 read, or cannot be written, it is not altered and <code>htdbm</code> 273 will display a message and return an error status.</p> 274 275 <div class="example"><p><code> 276 htdbm -mb /usr/web/.htdbm-all jones Pwd4Steve 277 </code></p></div> 278 279 <p>Encrypts the password from the command line (<code>Pwd4Steve</code>) 280 using the MD5 algorithm, and stores it in the specified file.</p> 281</div><div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div> 282<div class="section"> 283<h2><a name="security" id="security">Security Considerations</a></h2> 284 <p>Web password files such as those managed by <code>htdbm</code> should 285 <em>not</em> be within the Web server's URI space -- that is, they should 286 not be fetchable with a browser.</p> 287 288 <p>The use of the <code>-b</code> option is discouraged, since when it is 289 used the unencrypted password appears on the command line.</p> 290 291 <p>When using the <code>crypt()</code> algorithm, note that only the first 292 8 characters of the password are used to form the password. If the supplied 293 password is longer, the extra characters will be silently discarded.</p> 294 295 <p>The SHA encryption format does not use salting: for a given password, 296 there is only one encrypted representation. The <code>crypt()</code> and 297 MD5 formats permute the representation by prepending a random salt string, 298 to make dictionary attacks against the passwords more difficult.</p> 299 300 <p>The SHA and <code>crypt()</code> formats are insecure by today's 301 standards.</p> 302</div><div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div> 303<div class="section"> 304<h2><a name="restrictions" id="restrictions">Restrictions</a></h2> 305 <p>On the Windows platform, passwords encrypted with 306 <code>htdbm</code> are limited to no more than <code>255</code> 307 characters in length. Longer passwords will be truncated to 255 308 characters.</p> 309 310 <p>The MD5 algorithm used by <code>htdbm</code> is specific to the Apache 311 software; passwords encrypted using it will not be usable with other Web 312 servers.</p> 313 314 <p>Usernames are limited to <code>255</code> bytes and may not include the 315 character <code>:</code>.</p> 316</div></div> 317<div class="bottomlang"> 318<p><span>Available Languages: </span><a href="/en/programs/htdbm.html" title="English"> en </a> | 319<a href="/fr/programs/htdbm.html" hreflang="fr" rel="alternate" title="Fran�ais"> fr </a> | 320<a href="/tr/programs/htdbm.html" hreflang="tr" rel="alternate" title="T�rk�e"> tr </a></p> 321</div><div class="top"><a href="#page-header"><img src="/images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div> 322<script type="text/javascript"><!--//--><![CDATA[//><!-- 323var comments_shortname = 'httpd'; 324var comments_identifier = 'http://httpd.apache.org/docs/2.4/programs/htdbm.html'; 325(function(w, d) { 326 if (w.location.hostname.toLowerCase() == "httpd.apache.org") { 327 d.write('<div id="comments_thread"><\/div>'); 328 var s = d.createElement('script'); 329 s.type = 'text/javascript'; 330 s.async = true; 331 s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier; 332 (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s); 333 } 334 else { 335 d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>'); 336 } 337})(window, document); 338//--><!]]></script></div><div id="footer"> 339<p class="apache">Copyright 2014 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> 340<p class="menu"><a href="/mod/">Modules</a> | <a href="/mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="/glossary.html">Glossary</a> | <a href="/sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- 341if (typeof(prettyPrint) !== 'undefined') { 342 prettyPrint(); 343} 344//--><!]]></script> 345</body></html>