Closed Thread Icon

Topic awaiting preservation: password (Page 1 of 1) Pages that link to <a href="" title="Pages that link to Topic awaiting preservation: password (Page 1 of 1)" rel="nofollow" >Topic awaiting preservation: password <span class="small">(Page 1 of 1)</span>\

Nervous Wreck (II) Inmate

From: Mountain ON
Insane since: Jan 2004

posted posted 01-20-2004 13:00


This is probably 101 for some of you guys or gals but anyway this is my problem. I'm running my own Apache server with the works, I managed to get .htaccess to work and the username and password window comes up on a directory I try to access via the web. I'm running windows XP Pro, how do I create a main password for all my .htaccess files? I tried Telnet but I didn't get past the different possible commands EX: htpasswd D:\Program Files\BigApache\Apache\htdocs\admin\htpasswd Mike, of course the directory I want to protect is admin, I just got sent back to the telnet prompt with command options again. It wont prompt for a password entry. My httpd.config and htaccess file in the admin directory are both set right (I think) as I do get the auth window. Is there an easier way to set one permanent password for all the directories I would like to protect?

These are my settings;

ht.access (I renamed the file)

AuthUserFile "D:/Program Files/BigApache/Apache/htdocs/admin/ht.passwd"
AuthName "Private Area"
AuthType Basic
require user Mike


<Directory "D:/Program Files/BigApache/Apache/htdocs">
Options Indexes FollowSymLinks Includes
AllowOverride All
Order allow,deny
Allow from all
AddHandler type-map var
AddHandler server-parsed .html
AddHandler python-program .py
PythonHandler mptest
DirectoryIndex index.html index.asp index.html.var index.php index.php3

UserDir UserDir public_html

DirectoryIndex index.asp index.html index.html.var index.php index.php3

AccessFileName ht.access

<Files ~ "^ht\.">
Order allow,deny
Deny from all


Mike Thellend

Maniac (V) Inmate

Insane since: May 2001

posted posted 01-20-2004 18:19

Well not sure if this can help but you can check out Guru's to see if it helps.



~Binary is best~

Tyberius Prime
Paranoid (IV) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted posted 01-20-2004 20:39

I usually shamelessly abuse
for creating my htaccess files.

The 'telnet command' you're describing is actually a unix program, and I'm pretty much certain you have no unix box to *telnet* into. (I'd personally fire every administrator that set up telnet as a remote access solution. It is zero percent secure.

As for a 'main password', I'm not sure what you mean. Want a username/password that works in all your protecetd sites?
Well, give them all the same htpasswd file. They still need different users/passwords? You're out of luck and will have to copy your 'main password' entry into each of the files.

So long,

Tyberius Prime

Paranoid (IV) Inmate

From: [s]underwater[/s] under-snow in Juneau
Insane since: Sep 2002

posted posted 01-20-2004 23:16

for using the same password for all your password protected directories, just make them all sub-directories of a main password protected directory-




private- //password protect this



Nervous Wreck (II) Inmate

From: Mountain ON
Insane since: Jan 2004

posted posted 01-21-2004 02:20


I made a little head way since my first post here, I managed to telnet my Windows XP Apache server and have some
control over setting the password and username using htpasswd.exe in my bin folder. I know I can set the password for ht.access in one of the
directories I want to protect. I have been reading my apache docs and followed their tutorials to the best of my abilities.
I will show you were I'm at:

Welcome to Microsoft Telnet Service

login: Administrator

Welcome to Microsoft Telnet Server.

D:\Documents and Settings\Administrator>cd D:\Program Files\BigApache\Apache\bin

D:\Program Files\BigApache\Apache\bin>dir
Volume in drive D is Main 2
Volume Serial Number is B029-6DE2

Directory of D:\Program Files\BigApache\Apache\bin

01/20/2004 06:41 PM <DIR> .
01/20/2004 06:41 PM <DIR> ..
05/30/2003 05:10 PM 77,899 ab.exe
05/30/2003 05:06 PM 20,550 Apache.exe
05/30/2003 05:10 PM 41,051 ApacheMonitor.exe
05/30/2003 05:10 PM 10,982
05/30/2003 05:10 PM 81,997 htdbm.exe
05/30/2003 05:10 PM 65,616 htdigest.exe
01/20/2004 06:41 PM 0 htpasswd

05/30/2003 05:10 PM 77,904 htpasswd.exe

01/12/2004 10:59 PM <DIR> iconv
05/30/2003 05:05 PM 122,961 libapr.dll
05/30/2003 05:05 PM 36,956 libapriconv.dll
05/30/2003 05:06 PM 168,026 libaprutil.dll
05/07/2003 12:25 PM 856,064 libeay32.dll
05/30/2003 05:06 PM 245,832 libhttpd.dll
05/30/2003 05:10 PM 20,562 logresolve.exe
05/07/2003 12:25 PM 274,432 openssl.exe
05/30/2003 05:10 PM 41,042 rotatelogs.exe
05/07/2003 12:25 PM 159,744 ssleay32.dll
05/30/2003 05:10 PM 20,564 wintty.exe
18 File(s) 2,322,182 bytes
3 Dir(s) 53,279,420,416 bytes free

D:\Program Files\BigApache\Apache\bin> (flashing cursor)

At this point I'm in my Apache bin directory were htpasswd.exe is located in order for me to create a username and password.
Now according to Apache's Doc's this is what I need to do, but first I would like to mention that I created a folder in the
root section of my server called htpass, this is where I want to store my password files. Also my .htaccess file is in the
directory I want to protect and my httpd.conf is set to All. I do get the Authentication window when I try to access my protected
directory, but what good is it if I can't even get in myself. lol

(D:\Program Files\BigApache\APache\htpass)

Apache Examples;

1-htpasswd /usr/local/etc/apache/.htpasswd-users jsmith <<<in my case>>> htpasswd D:\Program Files\BigApache\Apache\.htpasswd-users Mike
Adds or modifies the password for user jsmith. The user is prompted for the password. If executed on a Windows system, the password
will be encrypted using the modified Apache MD5 algorithm; otherwise, the system's crypt() routine will be used. If the file does not exist,
htpasswd will do nothing except return an error.

2-htpasswd -c /home/doe/public_html/.htpasswd jane <<<in my case>>> htpasswd -c D:\Program Files\BigApache\Apache\.htpasswd Mike
Creates a new file and stores a record in it for user jane. The user is prompted for the password. If the file exists and can
not be read, or cannot be written, it is not altered and htpasswd will display a message and return an error status.

3-htpasswd -mb /usr/web/.htpasswd-all jones Pwd4Steve <<<in my case>>> htpasswd -mb D:\Program Files\BigApache\Apache\.htpasswd-all Mike
Encrypts the password from the command line (Pwd4Steve) using the MD5 algorithm, and stores it in the specified file.

Now I need to do number 2, because I want to create the user Mike. this is what I get in telnet;

D:\Program Files\BigApache\Apache\bin>htpasswd -c D:\Program Files\BigApache\Apa
che\.htpasswd Mike

htpasswd [-cmdpsD] passwordfile username

htpasswd -b[cmdpsD] passwordfile username password

htpasswd -n[mdps] username

htpasswd -nb[mdps] username password

-c Create a new file.

-n Don't update file; display results on stdout.

-m Force MD5 encryption of the password (default).

-d Force CRYPT encryption of the password.

-p Do not encrypt the password (plaintext).

-s Force SHA encryption of the password.

-b Use the password from the command line rather than prompting for it.

-D Delete the specified user.

On Windows, NetWare and TPF systems the '-m' flag is used by default.

On all other systems, the '-p'flag will probably not work.

D:\Program Files\BigApache\Apache\bin> (Flashing Cursor)

As you can see I was not prompted for the password, so I tried without the name Mike and I got this message and prompt
which to me is the correct step to creating my username and pass.

D:\Program Files\BigApache\Apache\bin>htpasswd -c D:\Program Files\BigApache\Apache\htpass\.htpasswd

Automatically using MD5 format.


D:\Program Files\BigApache\Apache\bin>htpasswd -c D:\Program Files\BigApache\Apache\htpass\.htpasswd
Automatically using MD5 format.

I tried typing this (htpasswd -c D:\Program Files\BigApache\Apache\htpass\.htpasswd) again at the command prompt (D:\Program Files\BigApache\Apache\bin>(Flashing Cursor)) ;

D:\Program Files\BigApache\Apache\bin>(Flashing Cursor)
htpasswd -c D:\Program Files\BigApache\Apache\htpass\.htpasswd
Automatically using MD5 format.

Adding password for user Files\BigApache\Apache\htpass\.htpasswd
New password:
Re-type new password:

D:\Program Files\BigApache\Apache\bin>(Flashing Cursor)

This is about the closest I got to anything, but it was generated automatically and I had no control over inserting the password myself.

Thanks for your patience, I've been trying all sorts of commands to create the password for the user Mike and have had no success.
I'm almost there!!! Lead me on from here please!!!

Mike Thellend

[This message has been edited by Whizzz (edited 01-21-2004).]

[This message has been edited by Whizzz (edited 01-21-2004).]

Tyberius Prime
Paranoid (IV) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted posted 01-21-2004 12:24

a) you should be able to run htpasswd.exe from the command line. No need for all that telnet buisness, which is dangerous if telnet is open to the world (start/run/cmd.exe, looks a lot like telnet.
b) it says 'htpasswd passwordfile username'
So try htpasswd c:\...\.htpasswd mike instead ;-).
(And usernames should be lower case, I feel. At least unix usernames traditionally are.

so long,

Nervous Wreck (II) Inmate

From: Mountain ON
Insane since: Jan 2004

posted posted 01-22-2004 07:01


Ok I took your advise about letting go of telnet and used the windows cmd.exe this gave me the control I needed to input the username and password. I also disable telnet in services.

Now I finally got it to work:

htpasswd -c passwordfile username (this was an example provided in cmd.exe after getting to my bin directory ex: D:\Program Files\BigApache\Apache\bin were htpasswd.exe was).

Then I was introduced to some options like the ones seen in my previous posts, I made the mistake of creating and adding the path to the passwords file, this is automatically generated.

Then I typed:

htpasswd -c passwords mike ( So when I entered this info a password file was created in the Apache bin folder automatically with the username and md5 encrypted password. I made the mistake of creating the password file somewhere else).

Then I got this:

New password: ------- (I added the password)
Re-type new password: ------ (Again)
Adding password for user mike

Then in my .htaccess file in the directory I wanted to protect I inserted the path to the passwords file that was generated for me.

AuthUserFile "D:\Program Files\BigApache\Apache\bin\passwords"
AuthName "Restricted Area"
AuthType Basic
Require user mike

Like I said it works great!!!


Mike Thellend

Tyberius Prime
Paranoid (IV) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted posted 01-22-2004 09:22

just a side not, htpasswords are not md5ed, but crypted. Minor difference.

« BackwardsOnwards »

Show Forum Drop Down Menu