Password File

The information about users and their passwords is kept in a password file of the server. Each line in the password file contains information about one user, in the following format:

        username:password:real name and maybe other information

password field is encrypted by C library crypt() function. This makes it compatible with Unix password file (/etc/passwd). Password file can be maintained by the htadm program.

Password file should not reside in the served tree of documents, or it should be carefully checked that the rule file prevents it from being accessed via the WWW server.

There must not be duplicate entries for the same username, and username must never contain colons.