summaryrefslogtreecommitdiffstats
path: root/docs/man
diff options
context:
space:
mode:
Diffstat (limited to 'docs/man')
-rw-r--r--docs/man/dbmmanage.15
-rw-r--r--docs/man/htdbm.146
-rw-r--r--docs/man/htpasswd.125
3 files changed, 53 insertions, 23 deletions
diff --git a/docs/man/dbmmanage.1 b/docs/man/dbmmanage.1
index 88e4a7057e..a0f9f78001 100644
--- a/docs/man/dbmmanage.1
+++ b/docs/man/dbmmanage.1
@@ -19,7 +19,7 @@
.el .ne 3
.IP "\\$1" \\$2
..
-.TH "DBMMANAGE" 1 "2004-12-10" "Apache HTTP Server" "dbmmanage"
+.TH "DBMMANAGE" 1 "2012-12-12" "Apache HTTP Server" "dbmmanage"
.SH NAME
dbmmanage \- Manage user authentication files in DBM format
@@ -42,6 +42,9 @@ dbmmanage \- Manage user authentication files in DBM format
dbmmanage is used to create and update the DBM format files used to store usernames and password for basic authentication of HTTP users via mod_authn_dbm\&. Resources available from the Apache HTTP server can be restricted to just the users listed in the files created by dbmmanage\&. This program can only be used when the usernames are stored in a DBM file\&. To use a flat-file database see htpasswd\&.
.PP
+Another tool to maintain a DBM password database is htdbm\&.
+
+.PP
This manual page only lists the command line arguments\&. For details of the directives necessary to configure user authentication in httpd see the httpd manual, which is part of the Apache distribution or can be found at http://httpd\&.apache\&.org/\&.
diff --git a/docs/man/htdbm.1 b/docs/man/htdbm.1
index 010755b45b..61a691880c 100644
--- a/docs/man/htdbm.1
+++ b/docs/man/htdbm.1
@@ -19,7 +19,7 @@
.el .ne 3
.IP "\\$1" \\$2
..
-.TH "HTDBM" 1 "2009-03-27" "Apache HTTP Server" "htdbm"
+.TH "HTDBM" 1 "2012-12-12" "Apache HTTP Server" "htdbm"
.SH NAME
htdbm \- Manipulate DBM password databases
@@ -27,25 +27,25 @@ htdbm \- Manipulate DBM password databases
.SH "SYNOPSIS"
.PP
-\fBhtdbm\fR [ -\fBT\fR\fIDBTYPE\fR ] [ -\fBc\fR ] [ -\fBm\fR | -\fBd\fR | -\fBp\fR | -\fBs\fR ] [ -\fBt\fR ] [ -\fBv\fR ] [ -\fBx\fR ] \fIfilename\fR \fIusername\fR
+\fBhtdbm\fR [ -\fBT\fR\fIDBTYPE\fR ] [ -\fBi\fR ] [ -\fBc\fR ] [ -\fBm\fR | -\fBB\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBC\fR \fIcost\fR ] [ -\fBt\fR ] [ -\fBv\fR ] \fIfilename\fR \fIusername\fR
.PP
-\fBhtdbm\fR -\fBb\fR [ -\fBT\fR\fIDBTYPE\fR ] [ -\fBc\fR ] [ -\fBm\fR | -\fBd\fR | -\fBp\fR | -\fBs\fR ] [ -\fBt\fR ] [ -\fBv\fR ] \fIfilename\fR \fIusername\fR \fIpassword\fR
+\fBhtdbm\fR -\fBb\fR [ -\fBT\fR\fIDBTYPE\fR ] [ -\fBc\fR ] [ -\fBm\fR | -\fBB\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBC\fR \fIcost\fR ] [ -\fBt\fR ] [ -\fBv\fR ] \fIfilename\fR \fIusername\fR \fIpassword\fR
.PP
-\fBhtdbm\fR -\fBn\fR [ -\fBc\fR ] [ -\fBm\fR | -\fBd\fR | -\fBp\fR | -\fBs\fR ] [ -\fBt\fR ] [ -\fBv\fR ] \fIusername\fR
+\fBhtdbm\fR -\fBn\fR [ -\fBi\fR ] [ -\fBc\fR ] [ -\fBm\fR | -\fBB\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBC\fR \fIcost\fR ] [ -\fBt\fR ] [ -\fBv\fR ] \fIusername\fR
.PP
-\fBhtdbm\fR -\fBnb\fR [ -\fBc\fR ] [ -\fBm\fR | -\fBd\fR | -\fBp\fR | -\fBs\fR ] [ -\fBt\fR ] [ -\fBv\fR ] \fIusername\fR \fIpassword\fR
+\fBhtdbm\fR -\fBnb\fR [ -\fBc\fR ] [ -\fBm\fR | -\fBB\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBC\fR \fIcost\fR ] [ -\fBt\fR ] [ -\fBv\fR ] \fIusername\fR \fIpassword\fR
.PP
-\fBhtdbm\fR -\fBv\fR [ -\fBT\fR\fIDBTYPE\fR ] [ -\fBc\fR ] [ -\fBm\fR | -\fBd\fR | -\fBp\fR | -\fBs\fR ] [ -\fBt\fR ] [ -\fBv\fR ] \fIfilename\fR \fIusername\fR
+\fBhtdbm\fR -\fBv\fR [ -\fBT\fR\fIDBTYPE\fR ] [ -\fBi\fR ] [ -\fBc\fR ] [ -\fBm\fR | -\fBB\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBC\fR \fIcost\fR ] [ -\fBt\fR ] [ -\fBv\fR ] \fIfilename\fR \fIusername\fR
.PP
-\fBhtdbm\fR -\fBvb\fR [ -\fBT\fR\fIDBTYPE\fR ] [ -\fBc\fR ] [ -\fBm\fR | -\fBd\fR | -\fBp\fR | -\fBs\fR ] [ -\fBt\fR ] [ -\fBv\fR ] \fIfilename\fR \fIusername\fR \fIpassword\fR
+\fBhtdbm\fR -\fBvb\fR [ -\fBT\fR\fIDBTYPE\fR ] [ -\fBc\fR ] [ -\fBm\fR | -\fBB\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBC\fR \fIcost\fR ] [ -\fBt\fR ] [ -\fBv\fR ] \fIfilename\fR \fIusername\fR \fIpassword\fR
.PP
-\fBhtdbm\fR -\fBx\fR [ -\fBT\fR\fIDBTYPE\fR ] [ -\fBm\fR | -\fBd\fR | -\fBp\fR | -\fBs\fR ] \fIfilename\fR \fIusername\fR
+\fBhtdbm\fR -\fBx\fR [ -\fBT\fR\fIDBTYPE\fR ] \fIfilename\fR \fIusername\fR
.PP
\fBhtdbm\fR -\fBl\fR [ -\fBT\fR\fIDBTYPE\fR ]
@@ -62,7 +62,10 @@ htdbm is used to manipulate the DBM format files used to store usernames and pas
.TP
-b
-Use batch mode; \fIi\&.e\&.\fR, get the password from the command line rather than prompting for it\&. This option should be used with extreme care, since \fBthe password is clearly visible\fR on the command line\&.
+Use batch mode; \fIi\&.e\&.\fR, get the password from the command line rather than prompting for it\&. This option should be used with extreme care, since \fBthe password is clearly visible\fR on the command line\&. For script use see the -i option\&.
+.TP
+-i
+Read the password from stdin without verification (for script usage)\&.
.TP
-c
Create the \fIpasswdfile\fR\&. If \fIpasswdfile\fR already exists, it is rewritten and truncated\&. This option cannot be combined with the -n option\&.
@@ -73,11 +76,17 @@ Display the results on standard output rather than updating a database\&. This o
-m
Use MD5 encryption for passwords\&. On Windows and Netware, this is the default\&.
.TP
+-B
+Use bcrypt encryption for passwords\&. This is currently considered to be very secure\&.
+.TP
+-C
+This flag is only allowed in combination with -B (bcrypt encryption)\&. It sets the computing time used for the bcrypt algorithm (higher is more secure but slower, default: 5, valid: 4 to 31)\&.
+.TP
-d
-Use crypt() encryption for passwords\&. The default on all platforms but Windows and Netware\&. Though possibly supported by htdbm on all platforms, it is not supported by the httpd server on Windows and Netware\&.
+Use crypt() encryption for passwords\&. The default on all platforms but Windows and Netware\&. Though possibly supported by htdbm on all platforms, it is not supported by the httpd server on Windows and Netware\&. This algorithm is \fBinsecure\fR by today's standards\&.
.TP
-s
-Use SHA encryption for passwords\&. Facilitates migration from/to Netscape servers using the LDAP Directory Interchange Format (ldif)\&.
+Use SHA encryption for passwords\&. Facilitates migration from/to Netscape servers using the LDAP Directory Interchange Format (ldif)\&. This algorithm is \fBinsecure\fR by today's standards\&.
.TP
-p
Use plaintext passwords\&. Though htdbm will support creation on all platforms, the httpd daemon will only accept plain text passwords on Windows and Netware\&.
@@ -85,15 +94,15 @@ Use plaintext passwords\&. Though htdbm will support creation on all platforms,
-l
Print each of the usernames and comments from the database on stdout\&.
.TP
--t
-Interpret the final parameter as a comment\&. When this option is specified, an additional string can be appended to the command line; this string will be stored in the "Comment" field of the database, associated with the specified username\&.
-.TP
-v
Verify the username and password\&. The program will print a message indicating whether the supplied password is valid\&. If the password is invalid, the program exits with error code 3\&.
.TP
-x
Delete user\&. If the username exists in the specified DBM file, it will be deleted\&.
.TP
+-t
+Interpret the final parameter as a comment\&. When this option is specified, an additional string can be appended to the command line; this string will be stored in the "Comment" field of the database, associated with the specified username\&.
+.TP
\fIfilename\fR
The filename of the DBM format file\&. Usually without the extension \&.db, \&.pag, or \&.dir\&. If -c is given, the DBM file is created if it does not already exist, or updated if it does exist\&.
.TP
@@ -156,6 +165,15 @@ Web password files such as those managed by htdbm should \fInot\fR be within the
.PP
The use of the -b option is discouraged, since when it is used the unencrypted password appears on the command line\&.
+.PP
+When using the crypt() algorithm, note that only the first 8 characters of the password are used to form the password\&. If the supplied password is longer, the extra characters will be silently discarded\&.
+
+.PP
+The SHA encryption format does not use salting: for a given password, there is only one encrypted representation\&. The crypt() and MD5 formats permute the representation by prepending a random salt string, to make dictionary attacks against the passwords more difficult\&.
+
+.PP
+The SHA and crypt() formats are insecure by today's standards\&.
+
.SH "RESTRICTIONS"
.PP
diff --git a/docs/man/htpasswd.1 b/docs/man/htpasswd.1
index c4724a910a..07fc3a50c4 100644
--- a/docs/man/htpasswd.1
+++ b/docs/man/htpasswd.1
@@ -19,7 +19,7 @@
.el .ne 3
.IP "\\$1" \\$2
..
-.TH "HTPASSWD" 1 "2012-06-22" "Apache HTTP Server" "htpasswd"
+.TH "HTPASSWD" 1 "2012-12-12" "Apache HTTP Server" "htpasswd"
.SH NAME
htpasswd \- Manage user files for basic authentication
@@ -27,16 +27,16 @@ htpasswd \- Manage user files for basic authentication
.SH "SYNOPSIS"
.PP
-\fBhtpasswd\fR [ -\fBc\fR ] [ -\fBm\fR ] [ -\fBD\fR ] \fIpasswdfile\fR \fIusername\fR
+\fBhtpasswd\fR [ -\fBc\fR ] [ -\fBi\fR ] [ -\fBm\fR | -\fBB\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBC\fR \fIcost\fR ] [ -\fBD\fR ] \fIpasswdfile\fR \fIusername\fR
.PP
-\fBhtpasswd\fR -\fBb\fR [ -\fBc\fR ] [ -\fBm\fR | -\fBd\fR | -\fBp\fR | -\fBs\fR ] [ -\fBD\fR ] \fIpasswdfile\fR \fIusername\fR \fIpassword\fR
+\fBhtpasswd\fR -\fBb\fR [ -\fBc\fR ] [ -\fBm\fR | -\fBB\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBC\fR \fIcost\fR ] [ -\fBD\fR ] \fIpasswdfile\fR \fIusername\fR \fIpassword\fR
.PP
-\fBhtpasswd\fR -\fBn\fR [ -\fBm\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] \fIusername\fR
+\fBhtpasswd\fR -\fBn\fR [ -\fBi\fR ] [ -\fBm\fR | -\fBB\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBC\fR \fIcost\fR ] \fIusername\fR
.PP
-\fBhtpasswd\fR -\fBnb\fR [ -\fBm\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] \fIusername\fR \fIpassword\fR
+\fBhtpasswd\fR -\fBnb\fR [ -\fBm\fR | -\fBB\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBC\fR \fIcost\fR ] \fIusername\fR \fIpassword\fR
.SH "SUMMARY"
@@ -45,10 +45,10 @@ htpasswd \- Manage user files for basic authentication
htpasswd is used to create and update the flat-files used to store usernames and password for basic authentication of HTTP users\&. If htpasswd cannot access a file, such as not being able to write to the output file or not being able to read the file in order to update it, it returns an error status and makes no changes\&.
.PP
-Resources available from the Apache HTTP server can be restricted to just the users listed in the files created by htpasswd\&. This program can only manage usernames and passwords stored in a flat-file\&. It can encrypt and display password information for use in other types of data stores, though\&. To use a DBM database see dbmmanage\&.
+Resources available from the Apache HTTP server can be restricted to just the users listed in the files created by htpasswd\&. This program can only manage usernames and passwords stored in a flat-file\&. It can encrypt and display password information for use in other types of data stores, though\&. To use a DBM database see dbmmanage or htdbm\&.
.PP
-htpasswd encrypts passwords using either a version of MD5 modified for Apache, or the system's crypt() routine\&. Files managed by htpasswd may contain both types of passwords; some user records may have MD5-encrypted passwords while others in the same file may have passwords encrypted with crypt()\&.
+htpasswd encrypts passwords using either bcrypt, a version of MD5 modified for Apache, SHA1, or the system's crypt() routine\&. Files managed by htpasswd may contain a mixture of different encoding types of passwords; some user records may have bcrypt or MD5-encrypted passwords while others in the same file may have passwords encrypted with crypt()\&.
.PP
This manual page only lists the command line arguments\&. For details of the directives necessary to configure user authentication in httpd see the Apache manual, which is part of the Apache distribution or can be found at http://httpd\&.apache\&.org/\&.
@@ -59,7 +59,10 @@ This manual page only lists the command line arguments\&. For details of the dir
.TP
-b
-Use batch mode; \fIi\&.e\&.\fR, get the password from the command line rather than prompting for it\&. This option should be used with extreme care, since \fBthe password is clearly visible\fR on the command line\&.
+Use batch mode; \fIi\&.e\&.\fR, get the password from the command line rather than prompting for it\&. This option should be used with extreme care, since \fBthe password is clearly visible\fR on the command line\&. For script use see the -i option\&.
+.TP
+-i
+Read the password from stdin without verification (for script usage)\&.
.TP
-c
Create the \fIpasswdfile\fR\&. If \fIpasswdfile\fR already exists, it is rewritten and truncated\&. This option cannot be combined with the -n option\&.
@@ -70,6 +73,12 @@ Display the results on standard output rather than updating a file\&. This is us
-m
Use MD5 encryption for passwords\&. This is the default\&.
.TP
+-B
+Use bcrypt encryption for passwords\&. This is currently considered to be very secure\&.
+.TP
+-C
+This flag is only allowed in combination with -B (bcrypt encryption)\&. It sets the computing time used for the bcrypt algorithm (higher is more secure but slower, default: 5, valid: 4 to 31)\&.
+.TP
-d
Use crypt() encryption for passwords\&. This is not supported by the httpd server on Windows and Netware\&. This algorithm limits the password length to 8 characters\&. This algorithm is \fBinsecure\fR by today's standards\&.
.TP