More versitile (ht)passwd file support

Skip to first unread message

Alex King

Dec 5, 2014, 7:32:55 PM12/5/14
I'm interested in a module like the Apache application helper.  I want to manage password files for libpam-pwdfile (, through ansible.  Ansible has a htpasswd module which uses "from passlib.apache import HtpasswdFile", but this naturally only supports the hashes used by apache.  If there were a generic passwd file application helper that allowed additional hashes, this could be used by ansible to support libpam-pwdfile and other password file types.

There is only one format common to apache httpasswd and libpam-pwdfile - the original DES.  This works but I'd prefer not to use it.

I'm happy to write code for it if there is a chance that it will be incorporated into the release.


Eli Collins

Dec 6, 2014, 1:10:43 PM12/6/14
It's not that well advertised in the documentation, but it's actually
possible to do that with the existing HtpasswdFile class. The
constructor accepts an optional "context" parameter, which can be used
to completely override the set of supported hashes by passing in a
custom CryptContext object. If you're on a linux / bsd system,
there's even a the pre-built CryptContext that should match your
system's crypt(), and defaults to something much stronger
(sha512_crypt on linux):

>>> from passlib.apache import HtpasswdFile
>>> from passlib.hosts import host_context
>>> ht = HtpasswdFile("/some/file", context=host_context)

It looks like libpam-pwdfile will accept the "user:hash" format the
HtpasswdFile works with... but let me know if you have trouble on that
front. While HtpasswdFile is (currently) very rigid in it's file
format, I'm certainly open to expanding the that module ... especially
in the direction of /etc/passwd & /etc/shadow -style files.

Hope that helps!

- Eli
> --
> You received this message because you are subscribed to the Google Groups
> "passlib-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to
> For more options, visit

Eli Collins
Software Development & I.T. Consulting
Assurance Technologies

Alex King

Dec 6, 2014, 11:48:21 PM12/6/14
Excellent, that's exactly what I needed. I see now it is in the
documentation, if I read it thoroughly.

I'll put in a feature request to ansible to be able to use it.

Reply all
Reply to author
0 new messages