XSPASSWD(1) DragonFly General Commands Manual XSPASSWD(1)
NAME
xspasswd - Manager for WWW authentication passwords
SYNOPSIS
xspasswd [-b | -d] [-l | -u] [-r] [-f filename] [username]
DESCRIPTION
`xspasswd' is a program that lets you manage the usercode/password
database for the authentication feature of the xs-httpd webserver.
Authentication works very simply: if a file called .xsauth is present in
the directory in which a file is going to be retrieved, then the remote
user will be asked for a usercode and password before the file is allowed
to be retrieved. This program manages the .xsauth file. Using the -f
flag an alternative filename can be used; however these files are not
automatically recognised by the server as authentication files.
The program accepts the mutually exclusive arguments -l to lock an
account and -u to unlock an account. Locked accounts may not be changed
using the web-interface (see below). By default all accounts are
unlocked.
The other options are also mutually exclusive: -b to store passwords for
basic authentication (the old method, where passwords will be stored
encrypted, but sent over the wire in plain text) and -d to store
passwords for use with digest authentication (where more sensitive
information is stored on disk, but only the checksum of user and password
data is sent over the wire). However, when -d is used, password hashes
are also stored so that the server can fall back to basic authentication
if the client doesn't understand digest authentication.
For optimal security it is suggested local data is never made accessible
to other users of the system and that authentication details and
sensitive content are transferred over a secure channel (i.e. using
https). In this case digest authentication does not add any additional
security.
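The trade-off between -b and -d, as an added example that is not part of xs-httpd or of this manual page. It follows RFC 2617 (see STANDARDS) with that RFC's sample values, and assumes the value kept on disk for digest authentication is the RFC's H(A1); the .xsauth format itself is not described here.

```python
import base64
import hashlib

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def basic_header(user, password):
    """Basic: credentials travel base64-encoded, which is plain text in effect."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")

def recover_from_basic(header):
    """What any reader of the request can recover from a Basic header."""
    raw = base64.b64decode(header.split(" ", 1)[1]).decode("utf-8")
    user, _, password = raw.partition(":")
    return user, password

def ha1(user, realm, password):
    """H(A1): the value a server must keep to verify digest responses."""
    return md5_hex(f"{user}:{realm}:{password}")

def digest_response(stored_ha1, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 request-digest (qop=auth). Input is H(A1), never the password."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{stored_ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def demo():
    # Sample values from the example in RFC 2617, section 3.5.
    user, realm, password = "Mufasa", "testrealm@host.com", "Circle Of Life"
    challenge = dict(method="GET", uri="/dir/index.html",
                     nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
                     nc="00000001", cnonce="0a4f113b")
    # Basic: the password itself is recoverable from the wire.
    recovered = recover_from_basic(basic_header(user, password))
    # Digest: only a checksum crosses the wire ...
    from_password = digest_response(ha1(user, realm, password), **challenge)
    # ... but the stored H(A1) alone yields the same valid response, so the
    # on-disk value is as sensitive as the password for that realm.
    stored = ha1(user, realm, password)   # assumed on-disk value
    from_stored_hash = digest_response(stored, **challenge)
    return {"recovered": recovered, "from_password": from_password,
            "from_stored_hash": from_stored_hash}

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

This is why the file written with -d should not be readable by other local users, and why digest adds nothing once the connection is already protected by https.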
Use the -r option to remove a user from the authentication file. Note
that the options that control the account type will be ignored when -r is
given. That is: the named account will be removed even if these options
(locked, digest, ...) do not match.
EXAMPLES
Change your current directory to the directory that you wish to protect
with usercodes and passwords. Note that subdirectories of that
directory will also be protected. Then, type `xspasswd'. The program
will ask you for a username (unless you already supplied this as an
argument on the command line). Next, the program asks for a password for
that username. The program will ask you to re-enter the password after you
have given it. When you have done this, the program will update (or
create) the .xsauth file.
By running the program again, you can add as many usercodes and passwords
as you wish. You can also use this program to change passwords. Just type
an existing username when the program prompts you for a username. You do
not have to enter the old password. Be aware that the locked status and
digest hash may be lost if you don't specify -l and -d when changing a
password, since the options default to -u and -b.
DIAGNOSTICS
The xspasswd utility exits 0 on success, and >0 if an error occurs.
SEE ALSO
httpd(1), xschpass(1), xsauth(5)
The project homepage: http://www.xs-httpd.org/
STANDARDS
HTTP Authentication: Basic and Digest Access Authentication, RFC 2617,
June 1999.
xs-httpd/3.5 March 26, 1996 xs-httpd/3.5