mkpasswd

The private authentication file (AuthFile or "svpasswd") requires that you supply a password for each record (except those using Shadow Authentication).  The available password formats are determined by the AuthHashes option and typically include plain text and SHA-256 hashes.  Plain text is convenient for testing, but use of a password hash is best for security.

The mkpasswd program, included in the "Server Files" folder, will generate suitable password hashes.  You may then copy this hash into the password field of an AuthFile user record.  It has the following syntax:

mkpasswd [password]

On Windows and Mac, you may double click on the mkpasswd executable to run it directly from the GUI.  In that case, or if you otherwise do not include the password on the command line, mkpasswd will securely prompt you to enter it.  You may also pipe a password via stdin.

For example:

Enter a password to be hashed: AuthFile SHA-256 hash: 3df7708aff9183f233b5523369cf7d1ac3e850806b9b2d91b02b6e5a22738cd8751b971768b6eaa0 The hash has been copied to the clipboard.

When running mkpasswd from a Windows or Mac console login, the hash will be placed in the clipboard so you can immediately paste it into the AuthFile.  If you are running mkpasswd remotely, such as via SSH, make sure that you select all 80 characters when copying an SHA-256 hash.

mkpasswd does not change your AuthFile.  The hash must be copied into the password field of an AuthFile record and the AuthFile reloaded for the new password to take effect.

Legacy Hashes

servedat also supports MD5 on Windows systems and unix crypt on all other systems.  For compatibility with older AuthFiles, support for these types is enabled when no AuthHashes option is given, but the sample servedat.cf disables them for new installation.  These hashes are less secure than SHA and may conflict with plain text passwords that are 13 or 32 bytes long.  Use mkpasswd's -L option to generate a legacy hash appropriate to the platform.

The Windows version of "mkpasswd -L" will generate a 128-bit MD5 hash.  This hash will only work with Windows versions of servedat.

On all other platforms, "mkpasswd -L" will generate a unix crypt hash.  This hash will only work with non-Windows versions of servedat.  It is also compatible with Apache web server .htaccess files.

Here is an example of a unix crypt hash:

# mkpasswd -L foobar Unix crypt hash: gsi529mAB9kRA

Here is a Windows example:

C:\ExpeDat> mkpasswd.exe -L foobar Windows md5 hash: 3858F62230Ac3c915f300c664312C63f

Here is what a Windows legacy AuthFile entry might look like:

paul:3858F62230Ac3c915f300c664312C63f:::C:\Documents and Settings\paul:RestrictHome

The Apache web server's htpasswd utility is also capable of generating crypt password hashes for use with non-Windows servedat.  However, htpasswd should not be used to edit an AuthFile because it will erase all of the fields after the password.