Skip to main content

Buildout recipe for create and update the flat-files used to store usernames and password for basic authentication of HTTP users

Project description

Introdution

This recipe can be used to generate files for basic authentication of HTTP users, to restrict the access to HTTP resoruces. The aim is to be fully compatible with the htpasswd program that come with the Apache httpd Server, and support all the password formats that it supports. This formats, with some minor diffenrences in the case of the plain method, are also supported by the auth_basic module of the nginx http server.

This recipe support crypt, md5 (APR md5 algorithm), plain and sha1 algorithms for storage passwords. The crypt algorithm is based on the system’s crypt() routine, so it inherits its limitations (see: man 5 crypt).

Note: The plaintext passowrds are only accepted by the Apache httpd server on Windows and Netware.

Caution: This recipe should not be used to update an existing htpasswd file, because it overwritte the htpasswd file in every update.

Example usage

The simplest way to use this recipe is to add a part in buildout.cfg like this:

[buildout]
parts = htpasswd

[htpasswd]
recipe = collective.recipe.htpasswd
output = ${buildout:directory}/etc/htpasswd
credentials =
    nueces:secret
    nutz:crackme

One example using the sha1 algorithm:

[buildout]
parts = htpasswd

[htpasswd]
recipe = collective.recipe.htpasswd
output = ${buildout:directory}/etc/htpasswd
algorithm = sha1
credentials =
    nueces:secret
    nutz:crackme

For use the md5 algorithm this recipe relies in the python-aprmd5 package, then to install it you must modify the buildout part to include the md5 extras_require setting and install the build depencies for the python-aprmd5 package. In Debian GNU/Linux the package is the libaprutil1-dev. It contain the develoment headers of the Apache Portable Runtime Utility Library.

After that modify the part in the buildout.cfg it must look like this:

[buildout]
parts = htpasswd

[htpasswd]
recipe = collective.recipe.htpasswd [md5]
output = ${buildout:directory}/etc/htpasswd
algorithm = md5
credentials =
    nueces:secret
    nutz:crackme

Note: For a bug in zc.buildout if you need to use this recipe with the md5 and the plain or crypt algorithms in two o more parts, you must declare first the one that use the md5 extras_require.

Supported options

  • output: Specify a path to the output file. The path will be created if it does not exist.
  • credentials: One set per line of credentials formed by username and password separated by a colon. e.g. <username>:<password>.
  • mode: Specified with octal numbers, as in the chmod program. e.g. 640. If it not set the file are created with the mask mode from the system enviroment.
  • algorithm: The supported options are crypt, md5, plain and sha1. Default to cypt.

Development

Contributors

Juan A. Diaz (nueces), Author

History

0.1a3 (2013-03-27)

  • Added support for the sha1 algorithm. [Juan A. Diaz (nueces)]

0.1a2 (2013-02-18)

  • Added support for the apr md5 algorithm. [Juan A. Diaz (nueces)]

0.1a1 (2013-01-30)

  • Created recipe with ZopeSkel
  • Initial alpha release. [Juan A. Diaz (nueces)]

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, size & hash SHA256 hash help File type Python version Upload date
collective.recipe.htpasswd-0.1a3.zip (32.5 kB) Copy SHA256 hash SHA256 Source None

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page