htpasswd - manage user files for basic authentication

New in version 1.3.

Synopsis

  • Add and remove username/password entries in a password file using htpasswd.
  • This is used by web servers such as Apache and Nginx for basic authentication.

Requirements (on host that executes module)

  • passlib>=1.6

Options

parameter required default choices comments
create
 no yes
  • yes
  • no
Used with state=present. If specified, the file will be created if it does not already exist. If set to "no", will fail if the file does not exist
crypt_scheme
 no apr_md5_crypt
  • apr_md5_crypt
  • des_crypt
  • ldap_sha1
  • plaintext
Encryption scheme to be used. As well as the four choices listed here, you can also use any other hash supported by passlib, such as md5_crypt and sha256_crypt, which are linux passwd hashes. If you do so the password file will not be compatible with Apache or Nginx
name
 yes
User name to add or remove
aliases: username
password
 no
Password associated with user.
Must be specified if user does not exist yet.
path
 yes
Path to the file that contains the usernames and passwords
aliases: dest, destfile
state
 no present
  • present
  • absent
Whether the user entry should be present or not

Examples

# Add a user to a password file and ensure permissions are set
- htpasswd:
    path: /etc/nginx/passwdfile
    name: janedoe
    password: '9s36?;fyNp'
    owner: root
    group: www-data
    mode: 0640

# Remove a user from a password file
- htpasswd:
    path: /etc/apache2/passwdfile
    name: foobar
    state: absent

# Add a user to a password file suitable for use by libpam-pwdfile
- htpasswd:
    path: /etc/mail/passwords
    name: alex
    password: oedu2eGh
    crypt_scheme: md5_crypt

Notes

Note

  • This module depends on the passlib Python library, which needs to be installed on all target systems.
  • On Debian, Ubuntu, or Fedora: install python-passlib.
  • On RHEL or CentOS: Enable EPEL, then install python-passlib.

Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.4/htpasswd_module.html