Trevor013097
asked on
PERL automation of .htpasswd
I have asked this question before as have many other people but I have never seen an anwser which solved my particular setup.
I need a PERL script which can automatically generate the .htpasswd file for use with .htaccess on an Apache server. I have only got access to PERL 5.001 and do not have the facility to upgrade nor use modules other than those available with the standard PERL distribution.
At present (as I am sure you are aware), to create a username and password pair I have to telnet in and then type:-
htpasswd -c file user
enter the password twice and then for each subsequent user do the same but minus the -c switch.
What I need is a PERL script which can do this by reading a text file of names and unencrypted passwords and then create the .htpasswd file of names and encrypted passwords. I understand that htpasswd uses something along the lines of:
to64(&salt[0],rand(),2);
cpw = crypt(pw,salt);
but how to use this in a PERL script to create my .htpasswd file I have no idea.
Given the example below I need a script to convert it into the appropriate .htpasswd file:
user1:password1
user2:password2
user3:password3
Thanks in advance
I need a PERL script which can automatically generate the .htpasswd file for use with .htaccess on an Apache server. I have only got access to PERL 5.001 and do not have the facility to upgrade nor use modules other than those available with the standard PERL distribution.
At present (as I am sure you are aware), to create a username and password pair I have to telnet in and then type:-
htpasswd -c file user
enter the password twice and then for each subsequent user do the same but minus the -c switch.
What I need is a PERL script which can do this by reading a text file of names and unencrypted passwords and then create the .htpasswd file of names and encrypted passwords. I understand that htpasswd uses something along the lines of:
to64(&salt[0],rand(),2);
cpw = crypt(pw,salt);
but how to use this in a PERL script to create my .htpasswd file I have no idea.
Given the example below I need a script to convert it into the appropriate .htpasswd file:
user1:password1
user2:password2
user3:password3
Thanks in advance
ASKER
Hi ozo,
well the code certainly generator a name/encrypted password pair but when itested it with a suitable .htaccess restriction the passwords failed.
This is the code I used to generate the password file which appeared to work okay (ie I had a file with encrypted passwords):
@to64=('0'..'9','A'..'Z','
srand($$+time);
##########################
#
# Return Content-type of HTML
#
##########################
print "Content-type: text/html\n\n";
open(PasswordData, "../docs/secret/passwordda
or die "can't open ../docs/secret/passworddat
open(PasswordFile, ">../docs/secret/.htpasswd
or die "can't open ../docs/secret/.htpasswd for writing because $!";
while( <PasswordData> ){
($user,$pw) = split(/:/);
$salt=$to64[rand(64)].$to6
$cpw = crypt($pw,$salt);
# print "$user:$cpw\n";
print PasswordFile "$user:$cpw\n";
}
close(PasswordData);
close(PasswordFile);
print "All Passwords encrypted\n\n";
1;
The passworddata.txt file looks like this:-
trev:letmein
me:password
and the resulting file (.htpasswd) looks like this:-
trev:SER8liZGw04zo
me:jCnBGraYXCZKQ
but when I put a .htaccess file in a directory and LIMIT to users *trev* and *me* the pop-up appears requesting the password but it fails with authorization required.
well the code certainly generator a name/encrypted password pair but when itested it with a suitable .htaccess restriction the passwords failed.
This is the code I used to generate the password file which appeared to work okay (ie I had a file with encrypted passwords):
@to64=('0'..'9','A'..'Z','
srand($$+time);
##########################
#
# Return Content-type of HTML
#
##########################
print "Content-type: text/html\n\n";
open(PasswordData, "../docs/secret/passwordda
or die "can't open ../docs/secret/passworddat
open(PasswordFile, ">../docs/secret/.htpasswd
or die "can't open ../docs/secret/.htpasswd for writing because $!";
while( <PasswordData> ){
($user,$pw) = split(/:/);
$salt=$to64[rand(64)].$to6
$cpw = crypt($pw,$salt);
# print "$user:$cpw\n";
print PasswordFile "$user:$cpw\n";
}
close(PasswordData);
close(PasswordFile);
print "All Passwords encrypted\n\n";
1;
The passworddata.txt file looks like this:-
trev:letmein
me:password
and the resulting file (.htpasswd) looks like this:-
trev:SER8liZGw04zo
me:jCnBGraYXCZKQ
but when I put a .htaccess file in a directory and LIMIT to users *trev* and *me* the pop-up appears requesting the password but it fails with authorization required.
Well, I did forget to do a
chomp;
before the
($user,$pw) = split(/:/);
which would have changed the
trev:SER8liZGw04zo
to
trev:SE7gum0tJ6hP6
but
me:jCnBGraYXCZKQ
would be the same, since "password" has 8 letters already...
What does
htpasswd -c file user
create?
chomp;
before the
($user,$pw) = split(/:/);
which would have changed the
trev:SER8liZGw04zo
to
trev:SE7gum0tJ6hP6
but
me:jCnBGraYXCZKQ
would be the same, since "password" has 8 letters already...
What does
htpasswd -c file user
create?
ASKER
Okay ozo,
I think we have a small problem. When I added a chomp; line the new passwords generated were:-
trev:14916O3L./PTQ
me:pYw5pQf1/i11w
however when I create them using
htpasswd -c file user
and then
htpasswd file user
I get:-
trev:psTPlr1R2qDEU
me:8m7UxPXfRw7/2
I get the feeling that the PERL script is encrypting with a different key or am I barking up the wrong tree?
I think we have a small problem. When I added a chomp; line the new passwords generated were:-
trev:14916O3L./PTQ
me:pYw5pQf1/i11w
however when I create them using
htpasswd -c file user
and then
htpasswd file user
I get:-
trev:psTPlr1R2qDEU
me:8m7UxPXfRw7/2
I get the feeling that the PERL script is encrypting with a different key or am I barking up the wrong tree?
ASKER
ozo,
I don't fully understand this passwording thing. Everytime I re-run the program I get a different set of name/password pairs, I assume due to the random number and variable time being used. So how therefore does the htpasswd program on the server know how to decrypt the passowrd in order to verify it? Am I just being stupid? (probably..)
I don't fully understand this passwording thing. Everytime I re-run the program I get a different set of name/password pairs, I assume due to the random number and variable time being used. So how therefore does the htpasswd program on the server know how to decrypt the passowrd in order to verify it? Am I just being stupid? (probably..)
the salt is the first 2 characters of cpw, so to verify it check that
crypt($pw,$cpw) eq $cpw;
The documentation for crypt explains this.
(and setting $salt to 'ps' or '8m' instead of random does give the same thing as htpasswd file user)
Sorry again for the chomp problem.
crypt($pw,$cpw) eq $cpw;
The documentation for crypt explains this.
(and setting $salt to 'ps' or '8m' instead of random does give the same thing as htpasswd file user)
Sorry again for the chomp problem.
Trevor,
you can't verify the passwords by generating them again. The same password entered at two different points in time will yield different output. But the encrypted passwords will be recognized. I have tried the script and it works wonderfully. The passwords are accepted by the Apache server with no problems.
you can't verify the passwords by generating them again. The same password entered at two different points in time will yield different output. But the encrypted passwords will be recognized. I have tried the script and it works wonderfully. The passwords are accepted by the Apache server with no problems.
ASKER
excellent ozo, it works.
Absolutley no idea what was causing me problems. I simply recreated the password file and then the user *me* worked fine but still user *trev* failed. ithen closed my browser and retried and it worked. I think it had something to do with the proxy I am running through, however it all works fine. Thanks for your help, post your answer and I'll grade it.
Absolutley no idea what was causing me problems. I simply recreated the password file and then the user *me* worked fine but still user *trev* failed. ithen closed my browser and retried and it worked. I think it had something to do with the proxy I am running through, however it all works fine. Thanks for your help, post your answer and I'll grade it.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks ozo,
Has been nice working with you again.
Has been nice working with you again.
srand($$+time);
while( <DATA> ){
($user,$pw) = split/:/;
$salt=$to64[rand(64)].$to6
$cpw = crypt($pw,$salt);
print "$user:$cpw\n";
}
__DATA__
user1:password1
user2:password2
user3:password3