您可以使用curl
看標題:
$ curl -v -u your_user_name "http://......."
外觀爲> Authorization: Basic ...
線,包含Base64
編碼user:pass
。
可以使用解碼字符串:
printf auth_string | base64 --decode
更多細節here。
此外,確保/etc/nginx/.htpasswd
有正確的權限爲nginx
能夠讀取它,它包含了您的用戶名/密碼憑證由nginx
(info here)識別的格式:
1。純文本:
# comment
name1:password1
name2:password2:comment
name3:password3
2.加密/散列:
加密與隱窩()函數;可以使用Apache HTTP Server發行版中的「htpasswd」實用程序或「openssl passwd」命令生成。
與基於MD5的密碼算法(apr1)的Apache變體進行哈希處理;可以使用相同的工具生成;
由「{scheme} data」語法(1.0.3+)指定,如RFC 2307中所述;目前實施的方案包括PLAIN(不應使用示例1,不應該使用),SHA(1.3.13)(不應使用SHA-1 哈希)和SSHA(鹽醃SHA-1哈希,通過某些軟件使用 包,特別是OpenLDAP和Dovecot)。
$ htpasswd
Usage:
htpasswd [-cimBdpsDv] [-C cost] passwordfile username
htpasswd -b[cmBdpsDv] [-C cost] passwordfile username password
htpasswd -n[imBdps] [-C cost] username
htpasswd -nb[mBdps] [-C cost] username password
-c Create a new file.
-n Don't update file; display results on stdout.
-b Use the password from the command line rather than prompting for it.
-i Read password from stdin without verification (for script usage).
-m Force MD5 encryption of the password (default).
-B Force bcrypt encryption of the password (very secure).
-C Set the computing time used for the bcrypt algorithm
(higher is more secure but slower, default: 5, valid: 4 to 31).
-d Force CRYPT encryption of the password (8 chars max, insecure).
-s Force SHA encryption of the password (insecure).
-p Do not encrypt the password (plaintext, insecure).
-D Delete the specified user.
-v Verify password for the specified user.
On other systems than Windows and NetWare the '-p' flag will probably not work.
The SHA algorithm does not use a salt and is less secure than the MD5 algorithm.