PassManage


I got tired of dropping into terminal mode to add users to my .htpasswd file. I decided to write a simple web utility to do this for me. Like all such projects it took on a life of its own. I am making this freely available under the normal restrictions and covenants of and rules of open source licensing. This software is available “as is”. If you like it, feel free to let me know that you find it useful.

You can use PassManage to create and administer an .htpasswd file for Apache. You can add and delete users, change passwords or verify passwords.

PassManage does not require a PassManage.ini file, but it will look for one it its local directory. The default values are in the PassManage.ini file for documentation. If you do not specify a path for the .htpasswd file, it will create one in its current directory.

Under normal circumstances you would not want to put password files in the web documents directory. The default value allows you to play with this and some people really DO like to have the .htpasswd file in the web directories.

If you are unfamiliar with Apache authentication, I have supplied a sample '.htaccess' file. You can edit it to suit your local needs. You can drop it in the root of your web documents directory after editing, but it is strongly recommended that you read your Apache documentation about how this works.

Win32 Users Take Note!

Unix systems let you specify an '.htpasswd' file without a pathname and Apache will look for it in the current directory. So far as I could figure out, Apache under Windows will not let you do that. You have to specify a full pathname to the password file. Under UNIX, files beginning with a dot are not normally casually visible, but have no meaning under Win32. The dot has no functional meaning except to better hide the file on Unix systems.

PassManage.ini Settings

All configuration options are case insensitive.

Encryption:

Apache on Windows appears to default to MD5 encryption so I check for host operating system and default encryption to MD5. The screen gives you the option of using MD5 encryption based on this test. You can override this and make the default MD5. You can also set the checkbox to be read only. This may make particular sense if you let other less experienced operators add users.

These are the ini file settings to control MD5 encryption

UseMD5 = false
AllowMD5OverRide = true

Access Restrictions:

Using a web Utility to manage passwords has its risks. There are two options that you can use to lock things down.

Set LocalHostOnly to true and only the localhost user will be able to use it. The default for this is off. If you only have one machine, you might as well set this to true.

Set SubNetOnly to true and only users within the same subnet as your server will be able to use the tool. The default for this is on.

Access Restriction Settings

LocalHostOnly = false
SubNetOnly = true

Features to come:

I can easily add the ability to manage multiple .htpasswd files from one screen. I did not need that myself so I did not add that, but if someone needs it I will happily add that feature.

Contact and questions:

Daniel Doman
www.resperfecta.com