htpasswd – Create Password Authentication Files for the Apache Server

The htpasswd command is used to create and update user authentication files for basic authentication in the Apache web server. This command encrypts passwords and stores them in a file that Apache can use to authenticate users before allowing them access to protected areas of a website.

Overview

The basic syntax of the htpasswd command is as follows:

htpasswd [options] passwordfile username

Here, passwordfile is the name of the file where the encrypted passwords will be stored, and username is the name of the user whose password is being added or updated.

To add a new user to the authentication file, use the -c option:

htpasswd -c passwordfile username

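This will create a new authentication file if it does not already exist, and add the specified user’s password to it. If passwordfile already exists, -c rewrites and truncates it, so any users already stored in it are lost.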

To update an existing user’s password, simply omit the -c option:

htpasswd passwordfile username

This will prompt you to enter the new password for the specified user.

Specific Use Cases

  • Creating an authentication file for a new website
htpasswd -c /etc/apache2/.htpasswd john

This will create a new authentication file named .htpasswd in the /etc/apache2/ directory, and add a new user named john to it.

  • Updating an existing user’s password
htpasswd /etc/apache2/.htpasswd john

This will prompt you to enter a new password for the user john in the /etc/apache2/.htpasswd file.

Options

The htpasswd command supports the following options:

Option  Description
-c      Create a new authentication file.
-b      Use batch mode to read passwords from a file.
-n      Do not update the password file; display the encrypted password instead.
-m      Use the MD5 encryption algorithm (default).
-d      Use the crypt() encryption algorithm.
-p      Use plain text passwords (not recommended).
-s      Use the SHA encryption algorithm.
-i      Ignore the case when checking for existing usernames.

Troubleshooting tips

  • If you are getting a “permission denied” error when trying to create or update an authentication file, make sure that the directory where the file is located has the correct permissions and ownership.
  • If you are having trouble logging in with a username and password that you know are correct, make sure that the authentication file is being referenced correctly in the Apache configuration file, and that the AuthType and AuthName directives are set correctly.

Notes

  • It is recommended to use the md5 or sha encryption algorithms for password storage, as they are more secure than the crypt algorithm.
  • Plain text passwords should never be used, as they can be easily intercepted and read by attackers.
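
The storage options above (-m, -d, -p, -s) each leave a recognisable format in the authentication file. The following added example, which is not part of the original page or of Apache's own code, classifies every entry by that format and lists users whose unsalted entries are identical, which means they share a password. The function names, the sample entries and the bcrypt `$2y$` prefix (a format this page does not cover) are assumptions of the example.

```python
import base64
import hashlib
import re

# (prefix, scheme, salted). "$2y$" (bcrypt) is added here; the page's options table does not list it.
PREFIXES = [("$2y$", "bcrypt", True), ("$apr1$", "apr1-md5", True), ("{SHA}", "sha1", False)]
CRYPT_RE = re.compile(r"[./0-9A-Za-z]{13}")  # crypt(): 2 salt + 11 hash chars (heuristic)

def classify(hash_field):
    """Return (scheme, salted) for the part of an entry after 'user:'."""
    for prefix, scheme, salted in PREFIXES:
        if hash_field.startswith(prefix):
            return scheme, salted
    if CRYPT_RE.fullmatch(hash_field):
        return "crypt", True
    return "plaintext-or-unknown", False

def audit(text):
    """Return ({user: scheme}, [tuple of users sharing one unsalted value, ...])."""
    schemes, unsalted = {}, {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue  # blank line, comment, or malformed entry
        user, _, hash_field = line.partition(":")
        scheme, salted = classify(hash_field)
        schemes[user] = scheme
        if not salted:
            unsalted.setdefault(hash_field, []).append(user)
    shared = sorted(tuple(users) for users in unsalted.values() if len(users) > 1)
    return schemes, shared

def sha_entry(user, password):
    """Build a {SHA} entry: base64 of the raw SHA-1 digest, with no salt."""
    digest = hashlib.sha1(password.encode()).digest()
    return f"{user}:{{SHA}}{base64.b64encode(digest).decode()}"

# Constructed sample file; the apr1, bcrypt and crypt values are placeholders, not real hashes.
SAMPLE = "\n".join([
    "john:$apr1$CONSTRUC$" + "x" * 22,
    "alice:$2y$05$" + "y" * 53,
    "bob:abCDEFGHIJKLM",
    sha_entry("carol", "Example-Pass-1"),
    sha_entry("dave", "Example-Pass-1"),
    "erin:letmein",
])

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Because a {SHA} entry has no salt, carol and dave end up with byte-identical hash fields, which anyone who can read the file can spot without cracking anything.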