Item4544: Document special format used in .htpasswd for email addresses

Priority: Normal
Current State: Closed
Released In: 1.1.3
Target Release: patch
Applies To: Engine
Component: Documentation, HtPasswdUser
Reported By: TWiki:Main.SteffenPoulsen
Waiting For:
Last Change By: KennethLavrsen
[08:28:59] <Lavr> SteffenPoulsen. Remember when you advice people to use the htpasswd utility that it deletes all email addresses from .htpasswd
[08:29:22] <Lavr> Or at least from the entry to change
[08:30:13] <SteffenPoulsen> ah yep - forgot that, good point :-)
<Lavr> I usually run the htpasswd utility on a new password file
and then copy paste the result into the real one
[08:31:05] <SteffenPoulsen> yes, me too .. wonder if there's a topic I could have pointed to on the procedure
[08:32:07] <SvenDowideit> how about a commented out line that is added to the topof the .htpasswd file?
[08:32:55] * CDot has joined #twiki
[08:33:35] * marclaporte has joined #twiki
<Lavr> Yes when it is created. That would not be a bad idea. "Do
not use htpasswd utility on this file. See "URL to t.o FAQ topic"
[08:34:32] <SteffenPoulsen> pls go implement :-)
[08:35:25] <SvenDowideit> please add bug item
[08:35:42] <SvenDowideit> twikibot, make new bug?
[08:35:51] <SteffenPoulsen> :-)

-- TWiki:Main/SteffenPoulsen - 04 Sep 2007

Unsure about this, I don't think storing information directly in the .htpasswd file is an option (all entries are read and written on user updates, non-standard lines are lost in the process).

Perhaps a simple thing like this would be OK (create an additional .htpasswd.README file on creation time).

Index: lib/TWiki/Users/
--- lib/TWiki/Users/     (revision 14913)
+++ lib/TWiki/Users/     (working copy)
@@ -123,6 +123,21 @@
 sub _savePasswd {
     my $db = shift;

+    unless (-e "$TWiki::cfg{Htpasswd}{FileName}" ) {
+        # Item4544: Add pointer to topic on special format used in .htpasswd
+        umask( 077 );
+        open( FILE, ">$TWiki::cfg{Htpasswd}{FileName}.README" ) ||
+          throw Error::Simple( $TWiki::cfg{Htpasswd}{FileName}.
+                                 '.README open failed: '.$! );
+        print FILE "# TWiki uses a specially crafted .htpasswd file format that should not be\n";
+        print FILE "# manipulated using a standard htpasswd utility.\n";
+        print FILE "# (3rd-party utilities does not support the e-mail address format used).\n";
+        print FILE "# \n";
+        print FILE "# More information available at:\n";
+        close( FILE);
+    }
     umask( 077 );
     open( FILE, ">$TWiki::cfg{Htpasswd}{FileName}" ) ||
       throw Error::Simple( $TWiki::cfg{Htpasswd}{FileName}.

If it is enough for this item, only todo is to create the topic linked to.

-- TWiki:Main.SteffenPoulsen - 17 Sep 2007

Confirmed, and applies to


Added a warning to UserAuthentication where it discusses sharing the .htpasswd file with other applications. Also updated HtPasswdUser to write the readme when creating a new .htpasswd file.

-- GeorgeClark - 25 Mar 2011

ItemTemplate edit

Summary Document special format used in .htpasswd for email addresses
ReportedBy TWiki:Main.SteffenPoulsen
Codebase 1.1.3 beta1, 1.1.2, 1.1.1, 1.1.0, trunk
SVN Range TWiki-4.2.0, Thu, 30 Aug 2007, build 14664
AppliesTo Engine
Component Documentation, HtPasswdUser
Priority Normal
CurrentState Closed
Checkins distro:5fa64c823780 distro:c1b4c21a8523 distro:3f6fdb2a5daf distro:afd470ad330a
TargetRelease patch
ReleasedIn 1.1.3
Topic revision: r12 - 16 Apr 2011, KennethLavrsen
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy