pwdauth(8)



NAME

     pwdauth - password authentication program


SYNOPSIS

     /usr/lib/pwdauth


DESCRIPTION

     Pwdauth is a program that is used by the crypt(3) function to do the hard
     work.   It is a setuid root utility so that it is able to read the shadow
     password file.

     Pwdauth expects on  standard  input  two  null  terminated  strings,  the
     password  typed by the user, and the salt.  That is, the two arguments of
     the crypt function.  The input read in a single read call  must  be  1024
     characters or less including the nulls.  Pwdauth takes one of two actions
     depending on the salt.

     If the salt has the form "##user" then the user  is  used  to  index  the
     shadow  password  file  to  obtain  the  encrypted  password.   The input
     password is encrypted with  the  one-way  encryption  function  contained
     within  pwdauth  and  compared  to the encrypted password from the shadow
     password file.  If equal then pwdauth returns the  string  "##user"  with
     exit  code  0,  otherwise  exit  code  2  to  signal failure.  The string
     "##user" is also returned if both  the  shadow  password  and  the  input
     password are null strings to allow a password-less login.

     If the salt is not of the form "##user" then the  password  is  encrypted
     and  the  result of the encryption is returned.  If salt and password are
     null strings then a null string is returned.

     The return value is written to  standard  output  as  a  null  terminated
     string of 1024 characters or less including the null.

     The exit code is 1 on any error.


SEE ALSO

     crypt(3), passwd(5).


NOTES

     A password must be checked like in this example:

          pw_ok = (strcmp(crypt(key, pw->pw_passwd), pw->pw_passwd) == 0);

     The second argument of crypt must be the entire  encrypted  password  and
     not just the two character salt.






AUTHOR

     Kees J. Bot (kjb@cs.vu.nl)