Skip to main content

Buildout recipe for create and update the flat-files used to store usernames and password for basic authentication of HTTP users

Project description

Introdution

This recipe can be used to generate files for basic authentication of HTTP users, to restrict the access to HTTP resoruces. The aim is to be fully compatible with the htpasswd program that come with the Apache httpd Server, and support all the password formats that it supports. This formats, with some minor diffenrences in the case of the plain method, are also supported by the auth_basic module of the nginx http server.

At this moment this recipe support plain, crypt and md5 (APR md5 algorithm) for storage passwords. The crypt algorithm is based on the system’s crypt() routine, so it inherits its limitations (see: man 5 crypt).

Note: The plaintext passowrds are only accepted by the Apache httpd server on Windows and Netware.

Caution: This recipe should not be used to update an existing htpasswd file, because it overwritte the htpasswd file in every update.

Example usage

The simplest way to use this recipe is to add a part in buildout.cfg like this:

[buildout]
parts = htpasswd

[htpasswd]
recipe = collective.recipe.htpasswd
output = ${buildout:directory}/etc/htpasswd
credentials =
    nueces:secret
    nutz:crackme

For use the md5 method this recipe relies in the python-aprmd5 package, then to install it you must modify the buildout part to include the md5 extras_require setting and install the build depencies for the python-aprmd5 package. In Debian GNU/Linux the package is the libaprutil1-dev. It contain the develoment headers of the Apache Portable Runtime Utility Library.

After that modify the part in the buildout.cfg it must look like this:

[buildout]
parts = htpasswd

[htpasswd]
recipe = collective.recipe.htpasswd [md5]
output = ${buildout:directory}/etc/htpasswd
algorithm = md5
credentials =
    nueces:secret
    nutz:crackme

Note: For a bug in zc.buildout if you need to use this recipe with the md5 and the plain or crypt algorithms in two o more parts, you must declare first the one that use the md5 extras_require.

Supported options

  • output: Specify a path to the output file. The path will be created if it does not exist.

  • credentials: One set per line of credentials formed by username and password separated by a colon. e.g. <username>:<password>.

  • mode: Specified with octal numbers, as in the chmod program. e.g. 640. If it not set the file are created with the mask mode from the system enviroment.

  • algorithm: The supported options are crypt, plain and md5. Default to cypt.

Development

Contributors

Juan A. Diaz (nueces), Author

History

0.1a2 (2013-02-18)

  • Added support for the apr md5 algorithm. [Juan A. Diaz (nueces)]

0.1a1 (2013-01-30)

  • Created recipe with ZopeSkel

  • Initial alpha release. [Juan A. Diaz (nueces)]

Download

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

collective.recipe.htpasswd-0.1a2.zip (32.3 kB view hashes)

Uploaded Source

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page