The private authentication file (AuthFile or "svpasswd") requires that you supply a password for each record (except those using Shadow Authentication).  The password can be entered as plain text for convenience, but use of a password hash is best for security.

The mkpasswd program, included in the "Server Files" folder, will generate a suitable password hash.  You may then copy this hash into the password field of an AuthFile user record.  It has the following syntax:

mkpasswd [password]

On Windows and Mac, you may double click on the mkpasswd executable to run it directly from the GUI.  In that case, or if you otherwise do not include the password on the command line, mkpasswd will securely prompt you to enter it.

For example:

Enter a password to be hashed:
AuthFile SHA-256 hash: 3df7708aff9183f233b5523369cf7d1ac3e850806b9b2d91b02b6e5a22738cd8751b971768b6eaa0
The hash has been copied to the clipboard.

When running mkpasswd from a Windows or Mac console login, the hash will be placed in the clipboard so you can immediately paste it into the AuthFile.  If you are running mkpasswd remotely, such as via SSH, make sure that you select all 80 characters when copying it.

mkpasswd does not change your AuthFile.  The hash must be copied into the password field of an AuthFile record and the AuthFile reloaded for the new password to take effect.

Legacy Hashes

servedat also supports MD5 on Windows systems and unix crypt on all other systems.  These hashes are less secure than SHA, but offer compatibility with other systems and versions of servedat prior to 1.17.2.  Use -L to generate a legacy hash appropriate to the platform.

The Windows version of "mkpasswd -L" will generate a 128-bit MD5 hash.  This hash will only work with Windows versions of servedat.

On all other platforms, "mkpasswd -L" will generate a unix crypt hash.  This hash will only work with non-Windows versions of servedat.  It is also compatible with Apache web server .htaccess files.

Here is an example of a unix crypt hash:

# mkpasswd -L foobar
Unix crypt hash: gsi529mAB9kRA

Here is a Windows example:

C:\ExpeDat> mkpasswd.exe -L foobar
Windows md5 hash: 3858F62230Ac3c915f300c664312C63f

Here is what a Windows legacy AuthFile entry might look like:

paul:3858F62230Ac3c915f300c664312C63f:::C:\Documents and Settings\paul:RestrictHome

The Apache web server's htpasswd utility is also known to generate appropriate password hashes for use with servedat.  However, htpasswd should not be used to edit an AuthFile because it will erase all of the fields after the password.
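
As an added example (not part of the original documentation or of the servedat distribution), the following Python script audits AuthFile text and labels each record's password field as an 80-character SHA-256 hash, a legacy MD5 or crypt hash, a hash of the wrong length (for instance one that was not fully copied), or plain text. It assumes the colon-separated layout of the record shown above, with the password as the second field, and treats an empty password field as a record without a local password; the function names and all sample records other than "paul" are constructed for the example.

```python
import re

# Shapes come from this page's examples; matching by shape is a heuristic.
HEX_RE = re.compile(r"[0-9a-fA-F]+")
CRYPT_RE = re.compile(r"[./0-9A-Za-z]{13}")   # non-Windows "mkpasswd -L"


def classify_password(field):
    """Return a label for the password field of one AuthFile record."""
    if field == "":
        return "empty"               # assumption: no local password set
    if HEX_RE.fullmatch(field):
        if len(field) == 80:
            return "sha256"          # default mkpasswd output
        if len(field) == 32:
            return "legacy-md5"      # Windows "mkpasswd -L"
        if len(field) > 32:
            return "bad-length-hex"  # e.g. a hash that was not fully copied
    if CRYPT_RE.fullmatch(field):
        return "legacy-crypt"
    return "plaintext"


def audit_authfile(text):
    """Return (line_number, user, label) for each record in AuthFile text."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if ":" not in line:
            continue                 # blank or non-record line
        # Split off two fields only: later ones may hold colons (C:\...).
        user, rest = line.split(":", 1)
        password = rest.split(":", 1)[0]
        findings.append((number, user, classify_password(password)))
    return findings


# Constructed sample; "paul" is this page's record, the rest are made up.
SHA = "3df7708aff9183f233b5523369cf7d1ac3e850806b9b2d91b02b6e5a22738cd8751b971768b6eaa0"
SAMPLE = "\n".join([
    r"paul:3858F62230Ac3c915f300c664312C63f:::C:\Documents and Settings\paul:RestrictHome",
    f"anna:{SHA}:::/home/anna:",
    "carl:gsi529mAB9kRA:::/home/carl:",
    "dave:hunter2:::/home/dave:",
    f"erin:{SHA[:72]}:::/home/erin:",   # hash truncated while copying
])

if __name__ == "__main__":
    for number, user, label in audit_authfile(SAMPLE):
        print(f"line {number}: {user}: {label}")
```

Records labelled plaintext, legacy-md5, legacy-crypt or bad-length-hex are the ones to regenerate with mkpasswd; because the labels are inferred from shape alone, a plain-text password that happens to look like a hash will be mislabelled.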