is a program that lets you manage the usercode/password
database for the authentication feature of the xs-httpd
Authentication works very simply: if a file called
is present in the directory in which a file is going to be
retrieved, then the remote user will be asked for a usercode
and password before the file is allowed to be retrieved.
This program manages the
file. Using the
flag an alternative filename can be used; however these files
are not automatically recognised by the server as authentication
The program accepts the mutually exclusive arguments
to lock an account and
to unlock an account. Locked accounts may not be changed
using the web-interface (see below). By default all accounts
The other options are also mutually exclusive:
to store passwords for basic authentication (the old method,
where passwords will be stored encrypted, but sent over the
wire in plain text) and
to store passwords for use with digest authentication (where
more sensitive information is stored on disk, but only the
checksum of user and password data is sent over the wire).
However in this case password hashes are also stored to be
able to handle basic authentication fallback in case the
client doesnt understand digest authentication.
For optimal security it is suggested local data is never
made accessible to other users of the system and that
authentication details and sensitive content are
transferred over a secure channel (i.e. using https).
In this case digest authentication does not add
any additional security.
option to remove a user from the authentication file.
Note that the options that control the account type will be
is given. That is: the named account will be removed even
if these options (locked, digest, ..) do not match.
Change your current directory to the directory that you wish
to protect with usercodes and passwords. Note that
subdirectories of that subdirectory will also be protected.
The program will ask you for a username (unless you already
supplied this as an argument on the command line). Next, the
program asks for a password for that username.The program
will ask you to re-enter the password after you have given
it. When you have done this, the program will update (or
By running the program again, you can add as many usercodes
and passwords as you wish. You can also use this program to
change passwords. Just type an existing username when the
program prompts you for a username. You do not have to enter
the old password. Be aware that the locked status and digest
hash may be lost if you dont specify
when changing a password, since the options default to