
.htpasswd is a flat file used to store usernames and passwords for basic authentication on an Apache HTTP Server. The name of the file is given in the .htaccess configuration and can be anything, although ".htpasswd" is the canonical name. The file name starts with a dot because most Unix-like operating systems treat any file whose name begins with a dot as hidden. The file is often maintained with the shell command "htpasswd", which can add, delete, and update users and properly encodes the password for use[1] (so that it is easily checked, but not reversed back to the original password).

The file consists of rows, each made up of a username, followed by a colon, followed by a string containing the hashed password, optionally prepended by an algorithm specifier ("$2y$", "$apr1$" or "{SHA}") and/or salt. Historically the hash used the "UNIX crypt" style, with MD5 or SHA1 as common alternatives, although as of version 2.2.18 a variant of MD5 is the default.[1]
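The row format described above can be checked mechanically. The following is an added example, not code from Apache or from this article: it parses rows, identifies the scheme from the specifier, and lists entries that use the unsalted "{SHA}" form or the traditional crypt form. The function names, scheme labels and sample entries are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Specifiers named in the article -> (scheme label, salted?)
PREFIXES = {"$2y$": ("bcrypt", True),
            "$apr1$": ("apr1-md5", True),
            "{SHA}": ("sha1", False)}

def parse_line(line):
    """Split one row into (user, scheme, salted, field); None for non-entries."""
    line = line.strip()
    if not line or line.startswith("#") or ":" not in line:
        return None
    user, field = line.split(":", 1)       # the first colon ends the username
    for prefix, (scheme, salted) in PREFIXES.items():
        if field.startswith(prefix):
            return user, scheme, salted, field
    if len(field) == 13:                   # no specifier: traditional crypt(3),
        return user, "crypt", True, field  # 2-char salt + 11-char hash
    return user, "unknown", None, field

def check_sha(field, password):
    """Verify a {SHA} field: base64 of the plain SHA-1 digest, no salt."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    expected = b"{SHA}" + base64.b64encode(digest)
    return hmac.compare_digest(field.encode("utf-8"), expected)

def audit(text):
    """Return [(user, scheme)] for entries that should be re-hashed or reviewed."""
    findings = []
    for line in text.splitlines():
        entry = parse_line(line)
        # sha1 is unsalted; crypt(3) only uses the first 8 password characters
        if entry and entry[1] in ("sha1", "crypt", "unknown"):
            findings.append((entry[0], entry[1]))
    return findings

# Constructed sample file; only the {SHA} value is a real hash (of "password").
SAMPLE = """\
# constructed example entries
alice:$2y$05$CONSTRUCTEDCONSTRUCTEDCONSTRUCTEDCONSTRUCTEDCONSTRUCTE
bob:$apr1$CONSTRCT$CONSTRUCTEDCONSTRUCTED
carol:{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
dave:saCONSTRUCTED
"""

if __name__ == "__main__":
    for user, scheme in audit(SAMPLE):
        print(f"{user}: legacy {scheme} entry, re-hash this password")
```

Because a "{SHA}" field carries no salt, two users with the same password get identical rows, which is why the audit lists those entries.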


Resources available from the Apache HTTP Server can be restricted to just the users listed in the files created by htpasswd. The .htpasswd file can be used to protect the entire directory it is placed in, as well as particular files.


  1. "htpasswd - Manage user files for basic authentication". Retrieved 2013-11-30.
