Documentation

htpasswd - manage user files for basic authentication

New in version 1.3.

Synopsis

  • Add and remove username/password entries in a password file using htpasswd.
  • This is used by web servers such as Apache and Nginx for basic authentication.

Options

parameter required default choices comments
create
no yes
  • yes
  • no
Used with state=present. If specified, the file will be created if it does not already exist. If set to "no", will fail if the file does not exist
crypt_scheme
no apr_md5_crypt
  • apr_md5_crypt
  • des_crypt
  • ldap_sha1
  • plaintext
Encryption scheme to be used. As well as the four choices listed here, you can also use any other hash supported by passlib, such as md5_crypt and sha256_crypt, which are linux passwd hashes. If you do so the password file will not be compatible with Apache or Nginx
name
yes
User name to add or remove

aliases: username
password
no
Password associated with user.
Must be specified if user does not exist yet.
path
yes
Path to the file that contains the usernames and passwords

aliases: dest, destfile
state
no present
  • present
  • absent
Whether the user entry should be present or not

Examples

# Add a user to a password file and ensure permissions are set
- htpasswd:
    path: /etc/nginx/passwdfile
    name: janedoe
    password: '9s36?;fyNp'
    owner: root
    group: www-data
    mode: 0640

# Remove a user from a password file
- htpasswd:
    path: /etc/apache2/passwdfile
    name: foobar
    state: absent

# Add a user to a password file suitable for use by libpam-pwdfile
- htpasswd:
    path: /etc/mail/passwords
    name: alex
    password: oedu2eGh
    crypt_scheme: md5_crypt

Notes

Note

  • This module depends on the passlib Python library, which needs to be installed on all target systems.
  • On Debian, Ubuntu, or Fedora: install python-passlib.
  • On RHEL or CentOS: Enable EPEL, then install python-passlib.

Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

Support

This module is community maintained without core committer oversight.

For more information on what this means please read Module Support

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.