pwdauth − password authentication program is a program that is
used by the function to do the hard work. It is a setuid rootutility so that it is able to read the shadow password file. ex‐
pects on standard input two null terminated strings, the password
typed by the user, and the salt. That is, the two arguments of
the function. The input read in a single read call must be 1024characters or less including the nulls. takes one of two actions
depending on the salt. If the salt has the form "##user" then
the is used to index the shadow password file to obtain the en‐
crypted password. The input password is encrypted with the one‐
way encryption function contained within and compared to the en‐
crypted password from the shadow password file. If equal then
returns the string "##user" with exit code 0, otherwise exit code
2 to signal failure. The string "##user" is also returned ifboth the shadow password and the input password are null stringsto allow a password‐less login. If the salt is not of the form
"##user" then the password is encrypted and the result of the en‐
cryption is returned. If salt and password are null strings thena null string is returned. The return value is written to stan‐
dard output as a null terminated string of 1024 characters or
less including the null. The exit code is 1 on any error. A
password must be checked like in this example: pw_ok = (str‐
cmp(crypt(key, pw‐>pw_passwd), pw‐>pw_passwd) == 0); The second
argument of crypt must be the entire encrypted password and not
just the two character salt. Kees J. Bot (kjb@cs.vu.nl)