NAME
Web::Passwd - Web-based htpasswd Management
VERSION
Version 0.03
SYNOPSIS
Web::Passwd is a web-based utility for managing Apache htpasswd
files. It uses the CGI::Application framework, so functionality is encapsulated in the module and very little code is required to create an instance:
use Web::Passwd;
my $webapp = Web::Passwd->new();
$webapp->run();
That's it. Drop that script in a web-accessible cgi directory and give it execute permissions, and (assuming a default config file is found), you're good to go. If you'd rather explicity define a configuration file to use, you can pass it through an extra parameter:
my $webapp = Web::Passwd->new( PARAMS => { config => '/home/evan/custom_webpasswd.conf' } );
CONFIGURATION
If not explicitly provided, a configuration file will be searched for in the following locations (in order). If a valid configuration file is not found, the script will die with errors.
./webpasswd.conf (the current directory)
../webpasswd.conf (the parent directory)
/etc/webpasswd.conf
The configuration file can be used to specify a directory of templates in the HTML::Template format. If no templates are found, default templates are used (see the /example/templates
directory of the distribution).
tmpl_path = /var/www/cgi-bin/webpasswd/
The htpasswd
command can also be specified. If no htpasswd
command is provided, the default is used. Note that, on some systems, you must specify the absolute path to the htpasswd
binary.
htpasswd_command = htpasswd
The configuration file can specify whether to use the GET
(data encoded into the URL) or POST
(data encoded into the message body) form request method. Defaults to using the generally more secure POST
.
form_method = POST
The configuration file should also contain a section for each htpasswd file it will be used to maintain, using the following format:
[Descriptive Name]
path = /system/path/to/passwdfile
algorithm = {crypt|md5|sha|plain}
TECHNICAL NOTE: The default algorithm Apache uses is crypt
under Linux, and MD5
under Windows.
PITFALL: Enclosing values in quotes within the config file does not have the expected effect! It simply includes the literal quote characters in the config value.
SECURITY
It is *imperitive* that the Web::Passwd instance script itself be htpasswd protected, as it includes no access control mechanism.
Understand that putting the ability to manage htpasswd files via a web-based utility carries an inherent security risk, in that anyone who gains access to the utility is potentially given access to any of the managed htpasswd-protected resources.
Any htpasswd files to be managed with this utility MUST be owned by whatever user apache runs as. Usually, this is 'apache' or 'nobody'.
COMPATABILITY
This was written expressly for Apache webserver 1.3 or higher running under Linux. However, there is nothing as far as I am aware that would prevent execution on a higher version of Apache, or on Apache under Windows.
DEPENDENCIES
A Perl version of 5.6.1 or higher is recommended, and the following modules are required:
CGI::Application
Config::Tiny
HTML::Template
AUTHOR
Evan Kaufman, <evank at cpan.org>
SUPPORT
You can find documentation for this module with the perldoc command.
perldoc Web::Passwd
ACKNOWLEDGEMENTS
Written for BCD Music Group.
COPYRIGHT & LICENSE
Copyright 2007 Evan Kaufman, all rights reserved.
This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.