I configured a Mercurial repository on my web server using Apache and hgweb. I understand how to create new user accounts using htdigest but I'd like to know how to enable remote users to change their password. Ideally, I'd create their account with a temporary password, then send them an email inviting them to change it. Users should be able to change their own password, not those of other users (otherwise I'd simply supply them with a shell account).
Can this be done? If so, how?
Htdigest is an Apache user configuration file, and in principle managing these is outside the scope of Mercurial itself.
To provide the password change form, you would have to write your own script that manipulates the htdigest file. It shouldn’t be too difficult. As I understand it each line of this file has the format:
Some example code to generate the MD5 hash part of this format can be found here:
http://httpd.apache.org/docs/trunk/misc/password_encryptions.html#digest
Probably you should be able to google for some pre-made scripts that do this, although I was unfortunately not able to quickly find one. I think it is also possible to configure Apache to connect to a pre-existing database that stores passwords in this format, and handle the password management through that.
Alternatively, I would recommend to consider repository server packages such as RhodeCode or SCM-Manager which have built-in support for these kind of management tasks.