pwdauth - password authentication program
Pwdauth is a program that is used by the crypt(3) function to do the hard
work. It is a setuid root utility so that it is able to read the shadow
Pwdauth expects on standard input two null terminated strings, the
password typed by the user, and the salt. That is, the two arguments of
the crypt function. The input read in a single read call must be 1024
characters or less including the nulls. Pwdauth takes one of two actions
depending on the salt.
If the salt has the form "##user" then the user is used to index the
shadow password file to obtain the encrypted password. The input
password is encrypted with the one-way encryption function contained
within pwdauth and compared to the encrypted password from the shadow
password file. If equal then pwdauth returns the string "##user" with
exit code 0, otherwise exit code 2 to signal failure. The string
"##user" is also returned if both the shadow password and the input
password are null strings to allow a password-less login.
If the salt is not of the form "##user" then the password is encrypted
and the result of the encryption is returned. If salt and password are
null strings then a null string is returned.
The return value is written to standard output as a null terminated
string of 1024 characters or less including the null.
The exit code is 1 on any error.
A password must be checked like in this example:
pw_ok = (strcmp(crypt(key, pw->pw_passwd), pw->pw_passwd) == 0);
The second argument of crypt must be the entire encrypted password and
not just the two character salt.
Kees J. Bot (firstname.lastname@example.org)