Mailing-List: contact docs-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: docs@httpd.apache.org
Received-SPF: pass (hermes.apache.org: local policy)
Date: Fri, 11 Mar 2005 17:52:34 -0800 (PST)
From: Matt Brubeck <mbrubeck@cs.hmc.edu>
Sender: mbrubeck@cs.hmc.edu
To: docs@httpd.apache.org
Subject: [PATCH] New htdbm documentation
Message-ID: <Pine.GSO.4.58.0503111750570.24076@turing>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

The patch below adds documentation for the "htdbm" command.  The patch
is against httpd-trunk.  The new documentation is based largely on the
docs for "htpasswd" and "dbmmanage" and the output of "htdbm --help".
Some information is new, and is based on my understanding of the htdbm
source code.

This is my first contribution to Apache.  Do you need a written
copyright assignment, or any other information?


Index: docs/man/htdbm.1
===================================================================
--- docs/man/htdbm.1	(revision 0)
+++ docs/man/htdbm.1	(revision 0)
@@ -0,0 +1,169 @@
+.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+.\" DO NOT EDIT! Generated from XML source.
+.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+.de Sh \" Subsection
+.br
+.if t .Sp
+.ne 5
+.PP
+\fB\\$1\fR
+.PP
+..
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Ip \" List item
+.br
+.ie \\n(.$>=3 .ne \\$3
+.el .ne 3
+.IP "\\$1" \\$2
+..
+.TH "HTDBM" 1 "2005-03-12" "Apache HTTP Server" "htdbm"
+
+.SH NAME
+htdbm \- Manipulate DBM password databases
+
+.SH "SYNOPSIS"
+
+.PP
+\fBhtdbm\fR [ -\fBT\fR\fIDBTYPE\fR ] [ -\fBc\fR ] [ -\fBm\fR | -\fBd\fR | -\fBp\fR | -\fBs\fR ] [ -\fBt\fR ] [ -\fBv\fR ] [ -\fBx\fR ] \fIfilename\fR \fIusername\fR
+
+.PP
+\fBhtdbm\fR -\fBb\fR [ -\fBT\fR\fIDBTYPE\fR ] [ -\fBc\fR ] [ -\fBm\fR | -\fBd\fR | -\fBp\fR | -\fBs\fR ] [ -\fBt\fR ] [ -\fBv\fR ] \fIfilename\fR \fIusername\fR \fIpassword\fR
+
+.PP
+\fBhtdbm\fR -\fBn\fR [ -\fBc\fR ] [ -\fBm\fR | -\fBd\fR | -\fBp\fR | -\fBs\fR ] [ -\fBt\fR ] [ -\fBv\fR ] \fIusername\fR
+
+.PP
+\fBhtdbm\fR -\fBnb\fR [ -\fBc\fR ] [ -\fBm\fR | -\fBd\fR | -\fBp\fR | -\fBs\fR ] [ -\fBt\fR ] [ -\fBv\fR ] \fIusername\fR \fIpassword\fR
+
+.PP
+\fBhtdbm\fR -\fBv\fR [ -\fBT\fR\fIDBTYPE\fR ] [ -\fBc\fR ] [ -\fBm\fR | -\fBd\fR | -\fBp\fR | -\fBs\fR ] [ -\fBt\fR ] [ -\fBv\fR ] \fIfilename\fR \fIusername\fR
+
+.PP
+\fBhtdbm\fR -\fBvb\fR [ -\fBT\fR\fIDBTYPE\fR ] [ -\fBc\fR ] [ -\fBm\fR | -\fBd\fR | -\fBp\fR | -\fBs\fR ] [ -\fBt\fR ] [ -\fBv\fR ] \fIfilename\fR \fIusername\fR \fIpassword\fR
+
+.PP
+\fBhtdbm\fR -\fBx\fR [ -\fBT\fR\fIDBTYPE\fR ] [ -\fBm\fR | -\fBd\fR | -\fBp\fR | -\fBs\fR ] \fIfilename\fR \fIusername\fR
+
+.PP
+\fBhtdbm\fR -\fBl\fR [ -\fBT\fR\fIDBTYPE\fR ]
+
+
+.SH "SUMMARY"
+
+.PP
+htdbm is used to manipulate the DBM format files used to store usernames and password for basic authentication of HTTP users via mod_auth_dbm\&. See the dbmmanage documentation for more information about these DBM files\&.
+
+
+.SH "OPTIONS"
+
+
+.TP
+-b
+Use batch mode; \fIi\&.e\&.\fR, get the password from the command line rather than prompting for it\&. This option should be used with extreme care, since \fBthe password is clearly visible\fR on the command line\&.
+.TP
+-c
+Create the \fIpasswdfile\fR\&. If \fIpasswdfile\fR already exists, it is rewritten and truncated\&. This option cannot be combined with the -n option\&.
+.TP
+-n
+Display the results on standard output rather than updating a database\&. This option changes the syntax of the command line, since the \fIpasswdfile\fR argument (usually the first one) is omitted\&. It cannot be combined with the -c option\&.
+.TP
+-m
+Use MD5 encryption for passwords\&. On Windows, Netware and TPF, this is the default\&.
+.TP
+-d
+Use crypt() encryption for passwords\&. The default on all platforms but Windows, Netware and TPF\&. Though possibly supported by htdbm on all platforms, it is not supported by the httpd server on Windows, Netware and TPF\&.
+.TP
+-s
+Use SHA encryption for passwords\&. Facilitates migration from/to Netscape servers using the LDAP Directory Interchange Format (ldif)\&.
+.TP
+-p
+Use plaintext passwords\&. Though htdbm will support creation on all platforms, the httpd daemon will only accept plain text passwords on Windows, Netware and TPF\&.
+.TP
+-l
+Print each of the usernames and comments from the database on stdout\&.
+.TP
+-t
+Interpret the final parameter as a comment\&. When this option is specified, an additional string can be appended to the command line; this string will be stored in the "Comment" field of the database, associated with the specified username\&.
+.TP
+-v
+Verify the username and password\&. The program will print a message indicating whether the supplied password is valid\&. If the password is invalid, the program exits with error code 3\&.
+.TP
+-x
+Delete user\&. If the username exists in the specified DBM file, it will be deleted\&.
+.TP
+\fIfilename\fR
+The filename of the DBM format file\&. Usually without the extension \&.db, \&.pag, or \&.dir\&. If -c is given, the DBM file is created if it does not already exist, or updated if it does exist\&.
+.TP
+\fIusername\fR
+The username to create or update in \fIpasswdfile\fR\&. If \fIusername\fR does not exist in this file, an entry is added\&. If it does exist, the password is changed\&.
+.TP
+\fIpassword\fR
+The plaintext password to be encrypted and stored in the DBM file\&. Used only with the -b flag\&.
+.TP
+-T\fIDBTYPE\fR
+Type of DBM file (SDBM, GDBM, DB, or "default")\&.
+
+.SH "BUGS"
+
+.PP
+One should be aware that there are a number of different DBM file formats in existence, and with all likelihood, libraries for more than one format may exist on your system\&. The three primary examples are SDBM, NDBM, the GNU project's GDBM, and Berkeley DB 2\&. Unfortunately, all these libraries use different file formats, and you must make sure that the file format used by \fIfilename\fR is the same format that htdbm expects to see\&. htdbm currently has no way of determining what type of DBM file it is looking at\&. If used against the wrong format, will simply return nothing, or may create a different DBM file with a different name, or at worst, it may corrupt the DBM file if you were attempting to write to it\&.
+
+.PP
+One can usually use the file program supplied with most Unix systems to see what format a DBM file is in\&.
+
+.SH "EXIT STATUS"
+
+.PP
+htdbm returns a zero status ("true") if the username and password have been successfully added or updated in the DBM File\&. htdbm returns 1 if it encounters some problem accessing files, 2 if there was a syntax problem with the command line, 3 if the password was entered interactively and the verification entry didn't match, 4 if its operation was interrupted, 5 if a value is too long (username, filename, password, or final computed record), 6 if the username contains illegal characters (see the Restrictions section), and 7 if the file is not a valid DBM password file\&.
+
+.SH "EXAMPLES"
+
+.nf
+
+      htdbm /usr/local/etc/apache/\&.htdbm-users jsmith
+
+.fi
+
+.PP
+Adds or modifies the password for user jsmith\&. The user is prompted for the password\&. If executed on a Windows system, the password will be encrypted using the modified Apache MD5 algorithm; otherwise, the system's crypt() routine will be used\&. If the file does not exist, htdbm will do nothing except return an error\&.
+
+.nf
+
+      htdbm -c /home/doe/public_html/\&.htdbm jane
+
+.fi
+
+.PP
+Creates a new file and stores a record in it for user jane\&. The user is prompted for the password\&. If the file exists and cannot be read, or cannot be written, it is not altered and htdbm will display a message and return an error status\&.
+
+.nf
+
+      htdbm -mb /usr/web/\&.htdbm-all jones Pwd4Steve
+
+.fi
+
+.PP
+Encrypts the password from the command line (Pwd4Steve) using the MD5 algorithm, and stores it in the specified file\&.
+
+.SH "SECURITY CONSIDERATIONS"
+
+.PP
+Web password files such as those managed by htdbm should \fInot\fR be within the Web server's URI space -- that is, they should not be fetchable with a browser\&.
+
+.PP
+The use of the -b option is discouraged, since when it is used the unencrypted password appears on the command line\&.
+
+.SH "RESTRICTIONS"
+
+.PP
+On the Windows and MPE platforms, passwords encrypted with htdbm are limited to no more than 255 characters in length\&. Longer passwords will be truncated to 255 characters\&.
+
+.PP
+The MD5 algorithm used by htdbm is specific to the Apache software; passwords encrypted using it will not be usable with other Web servers\&.
+
+.PP
+Usernames are limited to 255 bytes and may not include the character :\&.
+
Index: docs/manual/programs/configure.html.en
===================================================================
--- docs/manual/programs/configure.html.en	(revision 157179)
+++ docs/manual/programs/configure.html.en	(working copy)
@@ -831,7 +831,6 @@
       <dt><code>--enable-static-checkgid</code></dt>
       <dd>Build a statically linked version of <code>checkgid</code>.</dd>

-
       <dt><code>--enable-static-htdbm</code></dt>
       <dd>Build a statically linked version of <code>htdbm</code>.</dd>

Index: docs/manual/programs/htdbm.html.en
===================================================================
--- docs/manual/programs/htdbm.html.en	(revision 0)
+++ docs/manual/programs/htdbm.html.en	(revision 0)
@@ -0,0 +1,281 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
+        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+              This file is generated from xml source: DO NOT EDIT
+        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+      -->
+<title>htdbm - Manipulate DBM password databases - Apache HTTP Server</title>
+<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
+<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
+<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" />
+<link href="../images/favicon.ico" rel="shortcut icon" /></head>
+<body id="manual-page"><div id="page-header">
+<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p>
+<p class="apache">Apache HTTP Server Version 2.1</p>
+<img alt="" src="../images/feather.gif" /></div>
+<div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div>
+<div id="path">
+<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs-project/">Documentation</a> &gt; <a href="../">Version 2.1</a> &gt; <a href="./">Programs</a></div><div id="page-content"><div id="preamble"><h1>htdbm - Manipulate DBM password databases</h1>
+<div class="toplang">
+<p><span>Available Languages: </span><a href="../en/programs/htdbm.html" title="English">&nbsp;en&nbsp;</a></p>
+</div>
+
+    <p><code>htdbm</code> is used to manipulate the DBM format files used to
+    store usernames and password for basic authentication of HTTP users via
+    <code class="module"><a href="../mod/mod_auth_dbm.html">mod_auth_dbm</a></code>.  See the <code class="program"><a href="../programs/dbmmanage.html">dbmmanage</a></code>
+    documentation for more information about these DBM files.</p>
+</div>
+<div id="quickview"><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#synopsis">Synopsis</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#options">Options</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#bugs">Bugs</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#exit">Exit Status</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#examples">Examples</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#security">Security Considerations</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#restrictions">Restrictions</a></li>
+</ul><h3>See also</h3><ul class="seealso"><li><code class="program"><a href="../programs/httpd.html">httpd</a></code></li><li><code class="program"><a href="../programs/dbmmanage.html">dbmmanage</a></code></li><li><code class="module"><a href="../mod/mod_auth_dbm.html">mod_auth_dbm</a></code></li></ul></div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="synopsis" id="synopsis">Synopsis</a></h2>
+    <p><code><strong>htdbm</strong>
+    [ -<strong>T</strong><var>DBTYPE</var> ]
+    [ -<strong>c</strong> ]
+    [ -<strong>m</strong> |
+      -<strong>d</strong> |
+      -<strong>p</strong> |
+      -<strong>s</strong> ]
+    [ -<strong>t</strong> ]
+    [ -<strong>v</strong> ]
+    [ -<strong>x</strong> ]
+    <var>filename</var> <var>username</var></code></p>
+
+    <p><code><strong>htdbm</strong> -<strong>b</strong>
+    [ -<strong>T</strong><var>DBTYPE</var> ]
+    [ -<strong>c</strong> ]
+    [ -<strong>m</strong> |
+      -<strong>d</strong> |
+      -<strong>p</strong> |
+      -<strong>s</strong> ]
+    [ -<strong>t</strong> ]
+    [ -<strong>v</strong> ]
+    <var>filename</var> <var>username</var> <var>password</var></code></p>
+
+    <p><code><strong>htdbm</strong> -<strong>n</strong>
+    [ -<strong>c</strong> ]
+    [ -<strong>m</strong> |
+      -<strong>d</strong> |
+      -<strong>p</strong> |
+      -<strong>s</strong> ]
+    [ -<strong>t</strong> ]
+    [ -<strong>v</strong> ]
+    <var>username</var></code></p>
+
+    <p><code><strong>htdbm</strong> -<strong>nb</strong>
+    [ -<strong>c</strong> ]
+    [ -<strong>m</strong> |
+      -<strong>d</strong> |
+      -<strong>p</strong> |
+      -<strong>s</strong> ]
+    [ -<strong>t</strong> ]
+    [ -<strong>v</strong> ]
+    <var>username</var> <var>password</var></code></p>
+
+    <p><code><strong>htdbm</strong> -<strong>v</strong>
+    [ -<strong>T</strong><var>DBTYPE</var> ]
+    [ -<strong>c</strong> ]
+    [ -<strong>m</strong> |
+      -<strong>d</strong> |
+      -<strong>p</strong> |
+      -<strong>s</strong> ]
+    [ -<strong>t</strong> ]
+    [ -<strong>v</strong> ]
+    <var>filename</var> <var>username</var></code></p>
+
+    <p><code><strong>htdbm</strong> -<strong>vb</strong>
+    [ -<strong>T</strong><var>DBTYPE</var> ]
+    [ -<strong>c</strong> ]
+    [ -<strong>m</strong> |
+      -<strong>d</strong> |
+      -<strong>p</strong> |
+      -<strong>s</strong> ]
+    [ -<strong>t</strong> ]
+    [ -<strong>v</strong> ]
+    <var>filename</var> <var>username</var> <var>password</var></code></p>
+
+    <p><code><strong>htdbm</strong> -<strong>x</strong>
+    [ -<strong>T</strong><var>DBTYPE</var> ]
+    [ -<strong>m</strong> |
+      -<strong>d</strong> |
+      -<strong>p</strong> |
+      -<strong>s</strong> ]
+    <var>filename</var> <var>username</var></code></p>
+
+    <p><code><strong>htdbm</strong> -<strong>l</strong>
+    [ -<strong>T</strong><var>DBTYPE</var> ]
+    </code></p>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="options" id="options">Options</a></h2>
+    <dl>
+    <dt><code>-b</code></dt>
+    <dd>Use batch mode; <em>i.e.</em>, get the password from the command line
+    rather than prompting for it. This option should be used with extreme care,
+    since <strong>the password is clearly visible</strong> on the command
+    line.</dd>
+
+    <dt><code>-c</code></dt>
+    <dd>Create the <var>passwdfile</var>. If <var>passwdfile</var> already
+    exists, it is rewritten and truncated. This option cannot be combined with
+    the <code>-n</code> option.</dd>
+
+    <dt><code>-n</code></dt>
+    <dd>Display the results on standard output rather than updating a
+    database.  This option changes the syntax of the command line, since the
+    <var>passwdfile</var> argument (usually the first one) is omitted. It
+    cannot be combined with the <code>-c</code> option.</dd>
+
+    <dt><code>-m</code></dt>
+    <dd>Use MD5 encryption for passwords. On Windows, Netware and TPF, this is
+    the default.</dd>
+
+    <dt><code>-d</code></dt>
+    <dd>Use <code>crypt()</code> encryption for passwords. The default on all
+    platforms but Windows, Netware and TPF. Though possibly supported by
+    <code>htdbm</code> on all platforms, it is not supported by the
+    <code class="program"><a href="../programs/httpd.html">httpd</a></code> server on Windows, Netware and TPF.</dd>
+
+    <dt><code>-s</code></dt>
+    <dd>Use SHA encryption for passwords. Facilitates migration from/to Netscape
+    servers using the LDAP Directory Interchange Format (ldif).</dd>
+
+    <dt><code>-p</code></dt>
+    <dd>Use plaintext passwords. Though <code>htdbm</code> will support
+    creation on all platforms, the <code class="program"><a href="../programs/httpd.html">httpd</a></code> daemon will
+    only accept plain text passwords on Windows, Netware and TPF.</dd>
+
+    <dt><code>-l</code></dt>
+    <dd>Print each of the usernames and comments from the database on
+    stdout.</dd>
+
+    <dt><code>-t</code></dt>
+    <dd>Interpret the final parameter as a comment.  When this option is
+    specified, an additional string can be appended to the command line; this
+    string will be stored in the "Comment" field of the database, associated
+    with the specified username.</dd>
+
+    <dt><code>-v</code></dt>
+    <dd>Verify the username and password.  The program will print a message
+    indicating whether the supplied password is valid.  If the password is
+    invalid, the program exits with error code 3.</dd>
+
+    <dt><code>-x</code></dt>
+    <dd>Delete user. If the username exists in the specified DBM file, it
+    will be deleted.</dd>
+
+    <dt><code><var>filename</var></code></dt>
+    <dd>The filename of the DBM format file. Usually without the extension
+    <code>.db</code>, <code>.pag</code>, or <code>.dir</code>.  If
+    <code>-c</code> is given, the DBM file is created if it does not already
+    exist, or updated if it does exist.</dd>
+
+    <dt><code><var>username</var></code></dt>
+    <dd>The username to create or update in <var>passwdfile</var>. If
+    <var>username</var> does not exist in this file, an entry is added. If it
+    does exist, the password is changed.</dd>
+
+    <dt><code><var>password</var></code></dt>
+    <dd>The plaintext password to be encrypted and stored in the DBM file.
+    Used only with the <code>-b</code> flag.</dd>
+
+    <dt><code>-T<var>DBTYPE</var></code></dt>
+    <dd>Type of DBM file (SDBM, GDBM, DB, or "default").</dd>
+    </dl>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="bugs" id="bugs">Bugs</a></h2>
+    <p>One should be aware that there are a number of different DBM file
+    formats in existence, and with all likelihood, libraries for more than one
+    format may exist on your system. The three primary examples are SDBM,
+    NDBM, the GNU project's GDBM, and Berkeley DB 2. Unfortunately, all these
+    libraries use different file formats, and you must make sure that the file
+    format used by <var>filename</var> is the same format that
+    <code>htdbm</code> expects to see. <code>htdbm</code> currently
+    has no way of determining what type of DBM file it is looking at. If used
+    against the wrong format, will simply return nothing, or may create a
+    different DBM file with a different name, or at worst, it may corrupt the
+    DBM file if you were attempting to write to it.</p>
+
+    <p>One can usually use the <code>file</code> program supplied with most
+    Unix systems to see what format a DBM file is in.</p>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="exit" id="exit">Exit Status</a></h2>
+    <p><code>htdbm</code> returns a zero status ("true") if the username and
+    password have been successfully added or updated in the DBM File.
+    <code>htdbm</code> returns <code>1</code> if it encounters some problem
+    accessing files, <code>2</code> if there was a syntax problem with the
+    command line, <code>3</code> if the password was entered interactively and
+    the verification entry didn't match, <code>4</code> if its operation was
+    interrupted, <code>5</code> if a value is too long (username, filename,
+    password, or final computed record), <code>6</code> if the username
+    contains illegal characters (see the <a href="#restrictions">Restrictions
+    section</a>), and <code>7</code> if the file is not a valid DBM password
+    file.</p>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="examples" id="examples">Examples</a></h2>
+    <div class="example"><p><code>
+      htdbm /usr/local/etc/apache/.htdbm-users jsmith
+    </code></p></div>
+
+    <p>Adds or modifies the password for user <code>jsmith</code>. The user
+    is prompted for the password. If executed on a Windows system, the password
+    will be encrypted using the  modified Apache MD5 algorithm; otherwise, the
+    system's <code>crypt()</code> routine will be used. If the file does not
+    exist, <code>htdbm</code> will do nothing except return an error.</p>
+
+    <div class="example"><p><code>
+      htdbm -c /home/doe/public_html/.htdbm jane
+    </code></p></div>
+
+    <p>Creates a new file and stores a record in it for user <code>jane</code>.
+    The user is prompted for the password. If the file exists and cannot be
+    read, or cannot be written, it is not altered and <code>htdbm</code>
+    will display a message and return an error status.</p>
+
+    <div class="example"><p><code>
+      htdbm -mb /usr/web/.htdbm-all jones Pwd4Steve
+    </code></p></div>
+
+    <p>Encrypts the password from the command line (<code>Pwd4Steve</code>)
+    using the MD5 algorithm, and stores it in the specified file.</p>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="security" id="security">Security Considerations</a></h2>
+    <p>Web password files such as those managed by <code>htdbm</code> should
+    <em>not</em> be within the Web server's URI space -- that is, they should
+    not be fetchable with a browser.</p>
+
+    <p>The use of the <code>-b</code> option is discouraged, since when it is
+    used the unencrypted password appears on the command line.</p>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="restrictions" id="restrictions">Restrictions</a></h2>
+    <p>On the Windows and MPE platforms, passwords encrypted with
+    <code>htdbm</code> are limited to no more than <code>255</code>
+    characters in length. Longer passwords will be truncated to 255
+    characters.</p>
+
+    <p>The MD5 algorithm used by <code>htdbm</code> is specific to the Apache
+    software; passwords encrypted using it will not be usable with other Web
+    servers.</p>
+
+    <p>Usernames are limited to <code>255</code> bytes and may not include the
+    character <code>:</code>.</p>
+</div></div>
+<div class="bottomlang">
+<p><span>Available Languages: </span><a href="../en/programs/htdbm.html" title="English">&nbsp;en&nbsp;</a></p>
+</div><div id="footer">
+<p class="apache">Copyright 1995-2005 The Apache Software Foundation or its licensors, as applicable.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
+<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div>
+</body></html>
\ No newline at end of file
Index: docs/manual/programs/configure.xml
===================================================================
--- docs/manual/programs/configure.xml	(revision 157179)
+++ docs/manual/programs/configure.xml	(working copy)
@@ -842,7 +842,6 @@
       <dt><code>--enable-static-checkgid</code></dt>
       <dd>Build a statically linked version of <code>checkgid</code>.</dd>

-      <!-- missing documentation for htdbm -->
       <dt><code>--enable-static-htdbm</code></dt>
       <dd>Build a statically linked version of <code>htdbm</code>.</dd>

Index: docs/manual/programs/htdbm.xml
===================================================================
--- docs/manual/programs/htdbm.xml	(revision 0)
+++ docs/manual/programs/htdbm.xml	(revision 0)
@@ -0,0 +1,276 @@
+<?xml version='1.0' encoding='UTF-8' ?>
+<!DOCTYPE manualpage SYSTEM "../style/manualpage.dtd">
+<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
+<!-- $LastChangedRevision: 151405 $ -->
+
+<!--
+ Copyright 2003-2005 The Apache Software Foundation or its licensors, as
+ applicable.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<manualpage metafile="htdbm.xml.meta">
+<parentdocument href="./">Programs</parentdocument>
+
+<title>htdbm - Manipulate DBM password databases</title>
+
+<summary>
+    <p><code>htdbm</code> is used to manipulate the DBM format files used to
+    store usernames and password for basic authentication of HTTP users via
+    <module>mod_auth_dbm</module>.  See the <program>dbmmanage</program>
+    documentation for more information about these DBM files.</p>
+</summary>
+<seealso><program>httpd</program></seealso>
+<seealso><program>dbmmanage</program></seealso>
+<seealso><module>mod_auth_dbm</module></seealso>
+
+<section id="synopsis"><title>Synopsis</title>
+    <p><code><strong>htdbm</strong>
+    [ -<strong>T</strong><var>DBTYPE</var> ]
+    [ -<strong>c</strong> ]
+    [ -<strong>m</strong> |
+      -<strong>d</strong> |
+      -<strong>p</strong> |
+      -<strong>s</strong> ]
+    [ -<strong>t</strong> ]
+    [ -<strong>v</strong> ]
+    [ -<strong>x</strong> ]
+    <var>filename</var> <var>username</var></code></p>
+
+    <p><code><strong>htdbm</strong> -<strong>b</strong>
+    [ -<strong>T</strong><var>DBTYPE</var> ]
+    [ -<strong>c</strong> ]
+    [ -<strong>m</strong> |
+      -<strong>d</strong> |
+      -<strong>p</strong> |
+      -<strong>s</strong> ]
+    [ -<strong>t</strong> ]
+    [ -<strong>v</strong> ]
+    <var>filename</var> <var>username</var> <var>password</var></code></p>
+
+    <p><code><strong>htdbm</strong> -<strong>n</strong>
+    [ -<strong>c</strong> ]
+    [ -<strong>m</strong> |
+      -<strong>d</strong> |
+      -<strong>p</strong> |
+      -<strong>s</strong> ]
+    [ -<strong>t</strong> ]
+    [ -<strong>v</strong> ]
+    <var>username</var></code></p>
+
+    <p><code><strong>htdbm</strong> -<strong>nb</strong>
+    [ -<strong>c</strong> ]
+    [ -<strong>m</strong> |
+      -<strong>d</strong> |
+      -<strong>p</strong> |
+      -<strong>s</strong> ]
+    [ -<strong>t</strong> ]
+    [ -<strong>v</strong> ]
+    <var>username</var> <var>password</var></code></p>
+
+    <p><code><strong>htdbm</strong> -<strong>v</strong>
+    [ -<strong>T</strong><var>DBTYPE</var> ]
+    [ -<strong>c</strong> ]
+    [ -<strong>m</strong> |
+      -<strong>d</strong> |
+      -<strong>p</strong> |
+      -<strong>s</strong> ]
+    [ -<strong>t</strong> ]
+    [ -<strong>v</strong> ]
+    <var>filename</var> <var>username</var></code></p>
+
+    <p><code><strong>htdbm</strong> -<strong>vb</strong>
+    [ -<strong>T</strong><var>DBTYPE</var> ]
+    [ -<strong>c</strong> ]
+    [ -<strong>m</strong> |
+      -<strong>d</strong> |
+      -<strong>p</strong> |
+      -<strong>s</strong> ]
+    [ -<strong>t</strong> ]
+    [ -<strong>v</strong> ]
+    <var>filename</var> <var>username</var> <var>password</var></code></p>
+
+    <p><code><strong>htdbm</strong> -<strong>x</strong>
+    [ -<strong>T</strong><var>DBTYPE</var> ]
+    [ -<strong>m</strong> |
+      -<strong>d</strong> |
+      -<strong>p</strong> |
+      -<strong>s</strong> ]
+    <var>filename</var> <var>username</var></code></p>
+
+    <p><code><strong>htdbm</strong> -<strong>l</strong>
+    [ -<strong>T</strong><var>DBTYPE</var> ]
+    </code></p>
+</section>
+
+<section id="options"><title>Options</title>
+    <dl>
+    <dt><code>-b</code></dt>
+    <dd>Use batch mode; <em>i.e.</em>, get the password from the command line
+    rather than prompting for it. This option should be used with extreme care,
+    since <strong>the password is clearly visible</strong> on the command
+    line.</dd>
+
+    <dt><code>-c</code></dt>
+    <dd>Create the <var>passwdfile</var>. If <var>passwdfile</var> already
+    exists, it is rewritten and truncated. This option cannot be combined with
+    the <code>-n</code> option.</dd>
+
+    <dt><code>-n</code></dt>
+    <dd>Display the results on standard output rather than updating a
+    database.  This option changes the syntax of the command line, since the
+    <var>passwdfile</var> argument (usually the first one) is omitted. It
+    cannot be combined with the <code>-c</code> option.</dd>
+
+    <dt><code>-m</code></dt>
+    <dd>Use MD5 encryption for passwords. On Windows, Netware and TPF, this is
+    the default.</dd>
+
+    <dt><code>-d</code></dt>
+    <dd>Use <code>crypt()</code> encryption for passwords. The default on all
+    platforms but Windows, Netware and TPF. Though possibly supported by
+    <code>htdbm</code> on all platforms, it is not supported by the
+    <program>httpd</program> server on Windows, Netware and TPF.</dd>
+
+    <dt><code>-s</code></dt>
+    <dd>Use SHA encryption for passwords. Facilitates migration from/to Netscape
+    servers using the LDAP Directory Interchange Format (ldif).</dd>
+
+    <dt><code>-p</code></dt>
+    <dd>Use plaintext passwords. Though <code>htdbm</code> will support
+    creation on all platforms, the <program>httpd</program> daemon will
+    only accept plain text passwords on Windows, Netware and TPF.</dd>
+
+    <dt><code>-l</code></dt>
+    <dd>Print each of the usernames and comments from the database on
+    stdout.</dd>
+
+    <dt><code>-t</code></dt>
+    <dd>Interpret the final parameter as a comment.  When this option is
+    specified, an additional string can be appended to the command line; this
+    string will be stored in the "Comment" field of the database, associated
+    with the specified username.</dd>
+
+    <dt><code>-v</code></dt>
+    <dd>Verify the username and password.  The program will print a message
+    indicating whether the supplied password is valid.  If the password is
+    invalid, the program exits with error code 3.</dd>
+
+    <dt><code>-x</code></dt>
+    <dd>Delete user. If the username exists in the specified DBM file, it
+    will be deleted.</dd>
+
+    <dt><code><var>filename</var></code></dt>
+    <dd>The filename of the DBM format file. Usually without the extension
+    <code>.db</code>, <code>.pag</code>, or <code>.dir</code>.  If
+    <code>-c</code> is given, the DBM file is created if it does not already
+    exist, or updated if it does exist.</dd>
+
+    <dt><code><var>username</var></code></dt>
+    <dd>The username to create or update in <var>passwdfile</var>. If
+    <var>username</var> does not exist in this file, an entry is added. If it
+    does exist, the password is changed.</dd>
+
+    <dt><code><var>password</var></code></dt>
+    <dd>The plaintext password to be encrypted and stored in the DBM file.
+    Used only with the <code>-b</code> flag.</dd>
+
+    <dt><code>-T<var>DBTYPE</var></code></dt>
+    <dd>Type of DBM file (SDBM, GDBM, DB, or "default").</dd>
+    </dl>
+</section>
+
+<section id="bugs"><title>Bugs</title>
+    <p>One should be aware that there are a number of different DBM file
+    formats in existence, and with all likelihood, libraries for more than one
+    format may exist on your system. The three primary examples are SDBM,
+    NDBM, the GNU project's GDBM, and Berkeley DB 2. Unfortunately, all these
+    libraries use different file formats, and you must make sure that the file
+    format used by <var>filename</var> is the same format that
+    <code>htdbm</code> expects to see. <code>htdbm</code> currently
+    has no way of determining what type of DBM file it is looking at. If used
+    against the wrong format, will simply return nothing, or may create a
+    different DBM file with a different name, or at worst, it may corrupt the
+    DBM file if you were attempting to write to it.</p>
+
+    <p>One can usually use the <code>file</code> program supplied with most
+    Unix systems to see what format a DBM file is in.</p>
+</section>
+
+<section id="exit"><title>Exit Status</title>
+    <p><code>htdbm</code> returns a zero status ("true") if the username and
+    password have been successfully added or updated in the DBM File.
+    <code>htdbm</code> returns <code>1</code> if it encounters some problem
+    accessing files, <code>2</code> if there was a syntax problem with the
+    command line, <code>3</code> if the password was entered interactively and
+    the verification entry didn't match, <code>4</code> if its operation was
+    interrupted, <code>5</code> if a value is too long (username, filename,
+    password, or final computed record), <code>6</code> if the username
+    contains illegal characters (see the <a href="#restrictions">Restrictions
+    section</a>), and <code>7</code> if the file is not a valid DBM password
+    file.</p>
+</section>
+
+<section id="examples"><title>Examples</title>
+    <example>
+      htdbm /usr/local/etc/apache/.htdbm-users jsmith
+    </example>
+
+    <p>Adds or modifies the password for user <code>jsmith</code>. The user
+    is prompted for the password. If executed on a Windows system, the password
+    will be encrypted using the  modified Apache MD5 algorithm; otherwise, the
+    system's <code>crypt()</code> routine will be used. If the file does not
+    exist, <code>htdbm</code> will do nothing except return an error.</p>
+
+    <example>
+      htdbm -c /home/doe/public_html/.htdbm jane
+    </example>
+
+    <p>Creates a new file and stores a record in it for user <code>jane</code>.
+    The user is prompted for the password. If the file exists and cannot be
+    read, or cannot be written, it is not altered and <code>htdbm</code>
+    will display a message and return an error status.</p>
+
+    <example>
+      htdbm -mb /usr/web/.htdbm-all jones Pwd4Steve
+    </example>
+
+    <p>Encrypts the password from the command line (<code>Pwd4Steve</code>)
+    using the MD5 algorithm, and stores it in the specified file.</p>
+</section>
+
+<section id="security"><title>Security Considerations</title>
+    <p>Web password files such as those managed by <code>htdbm</code> should
+    <em>not</em> be within the Web server's URI space -- that is, they should
+    not be fetchable with a browser.</p>
+
+    <p>The use of the <code>-b</code> option is discouraged, since when it is
+    used the unencrypted password appears on the command line.</p>
+</section>
+
+<section id="restrictions"><title>Restrictions</title>
+    <p>On the Windows and MPE platforms, passwords encrypted with
+    <code>htdbm</code> are limited to no more than <code>255</code>
+    characters in length. Longer passwords will be truncated to 255
+    characters.</p>
+
+    <p>The MD5 algorithm used by <code>htdbm</code> is specific to the Apache
+    software; passwords encrypted using it will not be usable with other Web
+    servers.</p>
+
+    <p>Usernames are limited to <code>255</code> bytes and may not include the
+    character <code>:</code>.</p>
+</section>
+
+</manualpage>
Index: docs/manual/programs/htdbm.html
===================================================================
--- docs/manual/programs/htdbm.html	(revision 0)
+++ docs/manual/programs/htdbm.html	(revision 0)
@@ -0,0 +1,3 @@
+URI: htdbm.html.en
+Content-Language: en
+Content-type: text/html; charset=ISO-8859-1
Index: docs/manual/programs/index.html.en
===================================================================
--- docs/manual/programs/index.html.en	(revision 157179)
+++ docs/manual/programs/index.html.en	(working copy)
@@ -64,6 +64,10 @@
       <dd>Create and update user authentication files for digest
       authentication</dd>

+      <dt><code class="program"><a href="../programs/htdbm.html">htdbm</a></code></dt>
+
+      <dd>Manipulate DBM password databases.</dd>
+
       <dt><code class="program"><a href="../programs/htpasswd.html">htpasswd</a></code></dt>

       <dd>Create and update user authentication files for basic
Index: docs/manual/programs/index.xml
===================================================================
--- docs/manual/programs/index.xml	(revision 157179)
+++ docs/manual/programs/index.xml	(working copy)
@@ -66,6 +66,10 @@
       <dd>Create and update user authentication files for digest
       authentication</dd>

+      <dt><program>htdbm</program></dt>
+
+      <dd>Manipulate DBM password databases.</dd>
+
       <dt><program>htpasswd</program></dt>

       <dd>Create and update user authentication files for basic
Index: docs/manual/programs/htdbm.xml.meta
===================================================================
--- docs/manual/programs/htdbm.xml.meta	(revision 0)
+++ docs/manual/programs/htdbm.xml.meta	(revision 0)
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+
+<metafile>
+  <basename>htdbm</basename>
+  <path>/programs/</path>
+  <relpath>..</relpath>
+
+  <variants>
+    <variant>en</variant>
+  </variants>
+</metafile>

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org