How do you htdigest 400 user accounts?
You can also check out the python script that trac distributes on their website for htdigest passwords, you can then automate it:
Generating htdigest passwords without Apache
They also suggest something along these lines will work:
It is possible to use md5sum utility to generate digest-password file using such method:
$ printf "${user}:trac:${password}" | md5sum - >>user.htdigest
and manually delete " -" from the end and add "${user}:trac:" to the start of line from 'to-file'.
I have tested this on FreeBSD, not sure if this will work on Linux or Windows, so you may need to modify it a little:
(echo -n "user:realm:" && echo -n "user:realm:testing" | md5) > outfile
outfile contains:
user:realm:84af20dd88a2456d3bf6431fe8a59d16
Same thing with htdigest:
htdigest -c outfile2 realm user
output in outfile2
user:realm:84af20dd88a2456d3bf6431fe8a59d16
They are both the same, thereby proving correctness of the command line implementation!
(Aside: On unix/linux the first one should be:
echo password | htdigest -c realm username$1
)
As htdigest doesn't have any nice way to pass the password in, I would use expect
to automate the process.
An example from http://www.seanodonnell.com/code/?id=21:
#!/usr/bin/expect##########################################$ file: htpasswd.sh#$ desc: Automated htpasswd shell script##########################################$#$ usage example:#$#$ ./htpasswd.sh passwdpath username userpass#$######################################set htpasswdpath [lindex $argv 0]set username [lindex $argv 1]set userpass [lindex $argv 2]# spawn the htpasswd command processspawn htpasswd $htpasswdpath $username# Automate the 'New password' Procedureexpect "New password:"send "$userpass\r"expect "Re-type new password:"send "$userpass\r"
It's left as an exercise to the user to convert this for Windows if required.
Here is a script that will read in a list of user names, generate a random password for each, and output them to both an htdigest file, and a plain text file. It has been tested on Linux, but may need to be modified for other systems. In particular, md5sum
may be md5
, and head
does always accept the -c
flag.
#!/bin/bash# auth realm for digest authAUTH_REALM=MyRealm# file locations# a file containing a list of user names,# one name per line, e.g.,# $ cat users.txt# joe# curly# larryUSER_FILE=users.txt# htdigest file, needs to existHTDIGEST_FILE=passwd.htdigest# insecure password filePASSWD_FILE=passwd.txt# read the names from the user filewhile read username do # generate a pseudo-random password rand_pw=`< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c8` # hash the username, realm, and password htdigest_hash=`printf $username:$AUTH_REALM:$rand_pw | md5sum -` # build an htdigest appropriate line, and tack it onto the file echo "$username:$AUTH_REALM:${htdigest_hash:0:32}" >> $HTDIGEST_FILE # put the username and password in plain text # clearly, this is terribly insecure, but good for # testing and importing echo "$username:$rand_pw" >> $PASSWD_FILEdone < $USER_FILE
This is what the input and results look like, first the user names file:
$ cat users.txt joecurlylarry
Running the script:
$ ./load_users.bash
The resulting htdigest file:
$ cat passwd.htdigestjoe:MyRealm:2603a6c581f336f2874dbdd253aee780curly:MyRealm:fd3f9d87bba654439d5ba1f32c0286a8larry:MyRealm:c1c3c0dc50a9b97e9f7ee582e3fce892
And the plain text file:
$ cat passwd.txt joe:aLnqnrv0curly:3xWxHKmvlarry:7v7m6mXY