How do you generate user accounts for 400 users to do a load testing?
Htdigest forces you to type in a password each time, I have tried dos pipes like
echo password > htdigest -c realm username%1
htdigest -c realm username%1 < password.txt
but it is not working...
(Aside: On unix/linux the first one should be:
echo password | htdigest -c realm username$1
)
As htdigest doesn't have any nice way to pass the password in, I would use expect to automate the process.
An example from http://www.seanodonnell.com/code/?id=21:
#!/usr/bin/expect
#########################################
#$ file: htpasswd.sh
#$ desc: Automated htpasswd shell script
#########################################
#$
#$ usage example:
#$
#$ ./htpasswd.sh passwdpath username userpass
#$
######################################
set htpasswdpath [lindex $argv 0]
set username [lindex $argv 1]
set userpass [lindex $argv 2]
# spawn the htpasswd command process
spawn htpasswd $htpasswdpath $username
# Automate the 'New password' Procedure
expect "New password:"
send "$userpass\r"
expect "Re-type new password:"
send "$userpass\r"
It's left as an exercise to the user to convert this for Windows if required.
You can also check out the python script that trac distributes on their website for htdigest passwords, you can then automate it:
Generating htdigest passwords without Apache
They also suggest something along these lines will work:
It is possible to use md5sum utility to generate digest-password file using such method:
$ printf "${user}:trac:${password}" | md5sum - >>user.htdigest
and manually delete " -" from the end and add "${user}:trac:" to the start of line from 'to-file'.
I have tested this on FreeBSD, not sure if this will work on Linux or Windows, so you may need to modify it a little:
(echo -n "user:realm:" && echo -n "user:realm:testing" | md5) > outfile
outfile contains:
user:realm:84af20dd88a2456d3bf6431fe8a59d16
Same thing with htdigest:
htdigest -c outfile2 realm user
output in outfile2
user:realm:84af20dd88a2456d3bf6431fe8a59d16
They are both the same, thereby proving correctness of the command line implementation!
Here is a script that will read in a list of user names, generate a random password for each, and output them to both an htdigest file, and a plain text file. It has been tested on Linux, but may need to be modified for other systems. In particular, md5sum may be md5, and head does always accept the -c flag.
#!/bin/bash
# auth realm for digest auth
AUTH_REALM=MyRealm
# file locations
# a file containing a list of user names,
# one name per line, e.g.,
# $ cat users.txt
# joe
# curly
# larry
USER_FILE=users.txt
# htdigest file, needs to exist
HTDIGEST_FILE=passwd.htdigest
# insecure password file
PASSWD_FILE=passwd.txt
# read the names from the user file
while read username
do
# generate a pseudo-random password
rand_pw=`< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c8`
# hash the username, realm, and password
htdigest_hash=`printf $username:$AUTH_REALM:$rand_pw | md5sum -`
# build an htdigest appropriate line, and tack it onto the file
echo "$username:$AUTH_REALM:${htdigest_hash:0:32}" >> $HTDIGEST_FILE
# put the username and password in plain text
# clearly, this is terribly insecure, but good for
# testing and importing
echo "$username:$rand_pw" >> $PASSWD_FILE
done < $USER_FILE
This is what the input and results look like, first the user names file:
$ cat users.txt
joe
curly
larry
Running the script:
$ ./load_users.bash
The resulting htdigest file:
$ cat passwd.htdigest
joe:MyRealm:2603a6c581f336f2874dbdd253aee780
curly:MyRealm:fd3f9d87bba654439d5ba1f32c0286a8
larry:MyRealm:c1c3c0dc50a9b97e9f7ee582e3fce892
And the plain text file:
$ cat passwd.txt
joe:aLnqnrv0
curly:3xWxHKmv
larry:7v7m6mXY