user-password file permission of htpasswd - apache

user-password file permission of htpasswd - apache

Post by Jimmy Fa » Thu, 31 May 2001 04:00:24



Hi,

I want to provide a web page to allow users to update their password.
The Apache is running on Solaris(unix).

The web site is protected by access.conf, .htaccess., htpasswd with
Apache.

In CGI(perl), we want to use "htpasswd" utility to generate the
username and password store them in a file called "users".

The following is what I tested:
    The file "users" must be group writable to allow Perl CGI to    
    call "htpasswd..." to change the password. There is a bad side -
from
    UNIX command line, any group user can manually call "htpasswd..."
to
    change someone else's password.

Is it possible to call "htpasswd..." in CGI while the file storing
user and
password pairs is writable only to administrator or specific person?

Thanks
Jimmy

 
 
 

user-password file permission of htpasswd - apache

Post by Joshua Sliv » Thu, 31 May 2001 05:50:59



> Is it possible to call "htpasswd..." in CGI while the file storing
> user and
> password pairs is writable only to administrator or specific person?

Sure.  The "specific person" in this case is the Apache userid
defined in the User and Group in httpd.conf.

--
Joshua Slive

http://slive.ca/

 
 
 

1. apache - setup of password file without using htpasswd

I am trying to setup my username / password file for a folder on my website.
The problem is that I don't have telnet access to my site, and so can't use
htpasswd.

Is it possible to create the .htpasswd file offline, and upload it to my
site via ftp?

I have copied an example from the web to my folder, and although I get the
password entry box, the user / password combination are not accepted.

At this stage, I am not concerned with making the security "bullet proof"
and have stored .htaccess and .htpasswd in the same folder on my site.

In theory, using the following files, and supplying the username/password
combo of fido/bones should allow access to the folder, but this is not the
case.

Here is a copy of my .htaccess file...

AuthUserFile /home/sites/site58/web/martin/.htpasswd
AuthGroupFile /dev/null
AuthName ExampleByPassword
AuthType Basic
<Limit GET>
require user fido
</Limit>

Here is a copy of my .htpasswd file...

fido:h5HhgnhegqFIw

2. Linux RH6.2 & Win9* - can ping but can't map

3. Apache htpasswd won't append to password file

4. ftp : attempt to access beyond end of device

5. password does not allow add a password for a new user with a Permission denied

6. Xlib: Client is not authorized to connect to Server

7. Making htpasswd=user's password

8. Todays tragedy and CoffeeCup software

9. Multiple passwords for same user in .htpasswd

10. help: NCSA httpd + htpasswd + user change password ...

11. Fastest way to enter 1400+ user/passwords via htpasswd!

12. How to generate password text for .htpasswd on Apache

13. Apache: override user file permissions