Apache Password Change Servlet

Axel T. Schreiner
02-04-05

This is a servlet to accept a username and current and new passwords through a form on a web page and change the user's entry in a password file otherwise maintained with htpasswd for basic authentication in a .htaccess file.

The source is available below. Paths and patterns must be configured in web.xml. The servlet must be installed as sketched in server.xml.

Principles

The servlet executes the filter htupdate which copies a password file from standard input to standard output while replacing an existing entry with information from the command line.

This means the servlet must be able to read and write the password files. This is not a security problem because the password files need not be visible from the Apache web server. Alternatively, htupdate could be changed to perform file management and suid-ed.

Form

Username: 
Current Password: 
New Password: 
repeat: