Solved

.passwd to .htpasswd

Posted on 1997-05-30
3
999 Views
Last Modified: 2013-12-25
Can I convert /etc/.passwd to .htpasswd ?
In /etc/.passwd the password is not same with the .htpasswd.
Now I went protect my web home page .
just user who is the user in the linux can acces those files.
What can I write it ?

Thanks.
0
Comment
Question by:louisju
3 Comments
 

Accepted Solution

by:
walterk earned 10 total points
ID: 1828133
Hi,

Basically your .htaccess file is a pointer to the actual password file.

it looks something like this...
AuthUserFile passwords
AuthGroupFile /dev/null
AuthName Need Authentication
AuthType Basic

<Limit GET>
require valid-user
</Limit>

Now you have to create a file called passwords in your www-directory. Note, this can be very much a security breach as local users might have access to it (once they get in) The passwords file should also be readable by the web-server.

I assume you don't have a shadow password file and that your passwords are encrypted in the /etc/passwd file. The passwords file for the www-server is in the following format
<username>:<encrypted password>

Now you can convert your /etc/password to passwords with the following shell command.

cut -f 1,2 -d : /etc/passwd >passwords

You can automate this in a cron-job or on a script when a user gets added/removed. Don't forget to change the rights to the www-server rights.

Hope it helps

Warmest Regards
Walter
0
 

Author Comment

by:louisju
ID: 1828134
Thank you very much.
0
 

Expert Comment

by:tstang
ID: 1828135
Please be aware however that anyone with local access to that Linux box and access to perl can http packet sniff the passwords and receive perfectly decrypted usernames and passwords.

My suggestion is to at least run this with a second daemon on a different port. That way users are less likely to get it the first time.

0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

In this tutorial I will aim to show you how simple is making a small application in WhizBase, how to add, remove and update data in the DB. I will make a small address book application where you can add, browse, update and remove addresses. I wi…
This tutorial will discuss fancy secure registration forms, with AJAX technology support. In this article I assume you already know HTML and some JS. I will write the code using WhizBase Server Pages, so you need to know some basics in WBSP (you mig…
In this fourth video of the Xpdf series, we discuss and demonstrate the PDFinfo utility, which retrieves the contents of a PDF's Info Dictionary, as well as some other information, including the page count. We show how to isolate the page count in a…
In this fifth video of the Xpdf series, we discuss and demonstrate the PDFdetach utility, which is able to list and, more importantly, extract attachments that are embedded in PDF files. It does this via a command line interface, making it suitable …

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now