OBSD sync;

1 files changed, 50 insertions, 39 deletions

diff --git a/usr.sbin/httpd/src/support/htpasswd.1 b/usr.sbin/httpd/src/support/htpasswd.1
index ff9bc14f336..7cfe927254a 100644
--- a/usr.sbin/httpd/src/support/htpasswd.1
+++ b/usr.sbin/httpd/src/support/htpasswd.1
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: htpasswd.1,v 1.10 2004/12/14 00:23:25 jmc Exp $
+.\"	$OpenBSD: htpasswd.1,v 1.11 2004/12/14 12:48:06 jmc Exp $
 .\"
 .\" ====================================================================
 .\" The Apache Software License, Version 1.1
@@ -109,30 +109,32 @@ To use a DBM database see
 .Pp
 .Nm
 encrypts passwords using either a version of MD5 modified for Apache,
-or the system's
+the system's
 .Xr crypt 3
-routine.
+routine
+(the default),
+or SHA encryption.
 Files managed by
 .Nm
-may contain both types of passwords;
+may contain all types of passwords e.g.\&
 some user records may have MD5-encrypted passwords
-while others in the same file may have passwords encrypted with
+while others in the same file have passwords encrypted with
 .Xr crypt 3 .
 .Pp
 This manual page only lists the command line arguments.
 For details of the directives necessary to configure user authentication in
 .Xr httpd 8 ,
 see
-the Apache manual, which is part of the Apache distribution or can be
-found at <URL:http://httpd.apache.org/>.
+the Apache manual, which can be found in
+.Pa /var/www/htdocs/manual/ .
 .Pp
 The options are as follows:
 .Bl -tag -width "passwordfileXX"
 .It Fl b
-Use batch mode;
+Use batch mode
 i.e. get the password from the command line rather than prompting for it.
 .Bf -symbolic
-This option should be used with extreme care,
+This option should not be used,
 since the password is clearly visible on the command line.
 .Ef
 .It Fl c
@@ -170,11 +172,12 @@ It cannot be combined with the
 option.
 .It Fl p
 Use plaintext passwords.
-Though
+Although
 .Nm
-will support creation on all platforms, the
+supports the creation of plaintext passwords,
 .Xr httpd 8
-daemon will only accept plain text passwords on Windows and TPF.
+will not accept plaintext passwords on
+.Ox .
 .It Fl s
 Use SHA encryption for passwords.
 Facilitates migration from/to Netscape servers using the
@@ -202,23 +205,43 @@ an entry is added.
 If it does exist,
 the password is changed.
 .El
-.Sh EXIT STATUS
-.Nm
-returns a zero status ("true") if the username and password
-have been successfully added or updated in the
-.Ar passwordfile .
+.Pp
+Web password files such as those managed by
 .Nm
-returns 1 if it encounters some problem accessing files,
-2 if there was a syntax problem with the command line,
-3 if the password was entered interactively
-and the verification entry didn't match,
-4 if its operation was interrupted,
-5 if a value is too long
-(username, filename, password, or final computed record),
-and 6 if the username contains illegal characters
+should
+.Em not
+be within the Web server's URI space \(em that is,
+although the password files
+.Em must
+be contained within
+.Dq ServerRoot ,
+they should not be located in
+.Dq DocumentRoot .
+.Pp
+.Ex -std htpasswd
+The exit codes returned are:
+.Pp
+.Bl -tag -width "XXX" -offset indent -compact
+.It 0
+operation completed successfully
+.It 1
+problem accessing files
+.It 2
+syntax problem with the command line
+.It 3
+the password was entered interactively
+and the verification entry didn't match
+.It 4
+the operation was interrupted
+.It 5
+a value is too long
+(username, filename, password, or final computed record)
+.It 6
+the username contains illegal characters
 (see the
 .Sx CAVEATS
-section, below).
+section, below)
+.El
 .Sh EXAMPLES
 Add or modify the password for user
 .Dq jsmith .
@@ -248,22 +271,10 @@ will display a message and return an error status:
 The scripts in
 .Pa support/SHA1/
 which come with the distribution.
-.Sh SECURITY CONSIDERATIONS
-Web password files such as those managed by
-.Nm
-should
-.Em not
-be within the Web server's URI space \(em that is,
-they should not be fetchable with a browser.
-.Pp
-The use of the
-.Fl b
-option is discouraged,
-since when it is used the unencrypted password appears on the command line.
 .Sh CAVEATS
 The MD5 algorithm used by
 .Nm
-is specific to the Apache software;
+is specific to Apache software:
 passwords encrypted using it will not be usable with other Web servers.
 .Pp
 Usernames are limited to 255 bytes and may not include the character