NAME

     pwdauth - password authentication program


SYNOPSIS

     /usr/lib/pwdauth


DESCRIPTION

     Pwdauth is a program that is used by the  crypt(3)  function
     to do the hard work.  It is a setuid root utility so that it
     is able to read the shadow password file.

     Pwdauth  expects  on  standard  input  two  null  terminated
     strings, the password typed by the user, and the salt.  That
     is, the two arguments of the crypt function.  The input read
     in  a  single  read  call  must  be  1024 characters or less
     including the nulls.   Pwdauth  takes  one  of  two  actions
     depending on the salt.

     If the salt has the form "##user" then the user is  used  to
     index the shadow password file to obtain the encrypted password.
     The input password  is  encrypted  with  the  one-way
     encryption function contained within pwdauth and compared to
     the encrypted password from the shadow  password  file.   If
     equal  then  pwdauth  returns  the string "##user" with exit
     code 0, otherwise exit code 2 to signal failure.  The string
     "##user"  is  also  returned if both the shadow password and
     the input password are null strings to allow a password-less
     login.

     If the salt is not of the form "##user" then the password is
     encrypted  and the result of the encryption is returned.  If
     salt and password are null strings then  a  null  string  is
     returned.

     The return value is written to standard  output  as  a  null
     terminated  string  of 1024 characters or less including the
     null.

     The exit code is 1 on any error.
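
     The caller's side of the exchange described above, as an added
     example that is not the original crypt(3) source. The names
     pwdauth_pack, pwdauth_reply_ok, pwdauth_call and PWDAUTH_MAX are
     hypothetical, and the helper path is supplied by the caller.

```c
#include <signal.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define PWDAUTH_MAX 1024 /* page's limit; pwdauth_* names are hypothetical */
/* Pack "key\0salt\0" into buf[PWDAUTH_MAX]; -1 if over the limit. */
ssize_t pwdauth_pack(const char *key, const char *salt, char *buf)
{
    size_t kl = strlen(key) + 1, sl = strlen(salt) + 1;
    if (kl > PWDAUTH_MAX || sl > PWDAUTH_MAX - kl) return -1;
    memcpy(buf, key, kl);
    memcpy(buf + kl, salt, sl);
    return (ssize_t)(kl + sl);
}

/* Accept a reply only if its null terminator arrived within the n bytes read. */
int pwdauth_reply_ok(const char *buf, ssize_t n)
{
    return n > 0 && n <= PWDAUTH_MAX && memchr(buf, '\0', (size_t)n) != NULL;
}

/* Helper's exit code: 0 ok (reply in out[PWDAUTH_MAX]), 2 mismatch, 1 error. */
int pwdauth_call(const char *helper, const char *key, const char *salt, char *out)
{
    char req[PWDAUTH_MAX];
    int in[2], res[2], status = 0;
    ssize_t len = pwdauth_pack(key, salt, req), n;
    void (*old)(int);
    pid_t pid;
    if (len < 0 || pipe(in) < 0) return 1;
    if (pipe(res) < 0) { close(in[0]); close(in[1]); return 1; }
    if ((pid = fork()) == 0) {               /* child: becomes the helper */
        dup2(in[0], 0); dup2(res[1], 1);
        close(in[0]); close(in[1]); close(res[0]); close(res[1]);
        execl(helper, helper, (char *)NULL);
        _exit(1);                            /* exec failed: report an error */
    }
    close(in[0]); close(res[1]);
    old = signal(SIGPIPE, SIG_IGN);          /* helper may exit before reading */
    n = pid < 0 ? -1 : write(in[1], req, (size_t)len); /* one write, one read */
    close(in[1]);
    n = (n == len) ? read(res[0], out, PWDAUTH_MAX) : -1;
    close(res[0]);
    signal(SIGPIPE, old);
    if (pid < 0 || waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return 1;
    status = WEXITSTATUS(status);            /* fail closed on a bad reply */
    return (status == 0 && !pwdauth_reply_ok(out, n)) ? 1 : status;
}
```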


SEE ALSO

     crypt(3), passwd(5).


NOTES

     A password must be checked like in this example:

          pw_ok = (strcmp(crypt(key, pw->pw_passwd), pw->pw_passwd) == 0);

     The second argument of crypt must be  the  entire  encrypted
     password and not just the two character salt.


AUTHOR

     Kees J. Bot (kjb@cs.vu.nl)