NAME
pwdauth - password authentication program
SYNOPSIS
/usr/lib/pwdauth
DESCRIPTION
Pwdauth is a program that is used by the crypt(3) function
to do the hard work. It is a setuid root utility so that it
is able to read the shadow password file.
Pwdauth expects two null-terminated strings on standard
input: the password typed by the user, and the salt. That
is, the two arguments of the crypt function. The input, read
in a single read call, must be 1024 characters or less
including the nulls. Pwdauth takes one of two actions
depending on the salt.
If the salt has the form "##user" then the user is used to
index the shadow password file to obtain the encrypted password.
The input password is encrypted with the one-way
encryption function contained within pwdauth and compared to
the encrypted password from the shadow password file. If
equal then pwdauth returns the string "##user" with exit
code 0, otherwise exit code 2 to signal failure. The string
"##user" is also returned if both the shadow password and
the input password are null strings to allow a password-less
login.
If the salt is not of the form "##user" then the password is
encrypted and the result of the encryption is returned. If
salt and password are null strings then a null string is
returned.
The return value is written to standard output as a
null-terminated string of 1024 characters or less including the
null.
The exit code is 1 on any error.
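The C code below is an added example, not part of the original manual page or of the pwdauth source. It builds the standard input described above and interprets the exit code and reply on the caller's side, failing closed on anything malformed. The names pwdauth_pack, pwdauth_result and PWDAUTH_MAX are hypothetical, and treating exit code 2 outside "##user" mode as an error is an assumption of the example.

```c
#include <stddef.h>
#include <string.h>

#define PWDAUTH_MAX 1024   /* limit stated above, nulls included */

/* Pack "password\0salt\0" into buf so it can be sent to pwdauth's
 * standard input with one write().  Returns the number of bytes to
 * send, or 0 if the two strings do not fit within the limit. */
size_t pwdauth_pack(char *buf, size_t size,
                    const char *password, const char *salt)
{
    size_t plen = strlen(password) + 1, slen = strlen(salt) + 1;

    if (size > PWDAUTH_MAX) size = PWDAUTH_MAX;
    if (plen > size || slen > size - plen) return 0;   /* no overflow */
    memcpy(buf, password, plen);
    memcpy(buf + plen, salt, slen);
    return plen + slen;
}

/* Interpret the child's exit code and the n bytes read from its stdout.
 * Returns  1  password accepted ("##user" mode, reply echoes the salt),
 *          0  password rejected (exit code 2 in "##user" mode),
 *          2  reply holds the encrypted password (ordinary salt),
 *         -1  error or malformed reply; callers must deny access. */
int pwdauth_result(int exit_code, const char *reply, size_t n,
                   const char *salt)
{
    int shadow = (salt[0] == '#' && salt[1] == '#');

    if (exit_code == 2) return shadow ? 0 : -1;
    if (exit_code != 0) return -1;
    /* The reply must be a null-terminated string within the limit. */
    if (n == 0 || n > PWDAUTH_MAX || memchr(reply, '\0', n) == NULL)
        return -1;
    if (shadow) return strcmp(reply, salt) == 0 ? 1 : -1;
    return 2;
}
```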
SEE ALSO
crypt(3), passwd(5).
NOTES
A password must be checked as in this example:
    pw_ok = (strcmp(crypt(key, pw->pw_passwd), pw->pw_passwd) == 0);
The second argument of crypt must be the entire encrypted
password and not just the two character salt.
AUTHOR
Kees J. Bot (kjb@cs.vu.nl)