58 lines
1.8 KiB
Groff
58 lines
1.8 KiB
Groff
|
.SH NAME
|
||
|
pwdauth \- password authentication program
|
||
|
.SH SYNOPSIS
|
||
|
.B /usr/lib/pwdauth
|
||
|
.SH DESCRIPTION
|
||
|
.B Pwdauth
|
||
|
is a program that is used by the
|
||
|
.BR crypt (3)
|
||
|
function to do the hard work. It is a setuid root utility so that it is
|
||
|
able to read the shadow password file.
|
||
|
.PP
|
||
|
.B Pwdauth
|
||
|
expects on standard input two null terminated strings, the
|
||
|
password typed by the user, and the salt. That is, the two arguments of
|
||
|
the
|
||
|
.B crypt
|
||
|
function. The input read in a single read call must be 1024 characters or
|
||
|
less including the nulls.
|
||
|
.B Pwdauth
|
||
|
takes one of two actions depending on the salt.
|
||
|
.PP
|
||
|
If the salt has the form "\fB##\fIuser\fR" then the
|
||
|
.I user
|
||
|
is used to index the shadow password file to obtain the encrypted password.
|
||
|
The input password is encrypted with the one-way encryption function
|
||
|
contained within
|
||
|
.B pwdauth
|
||
|
and compared to the encrypted password from the shadow password file. If
|
||
|
equal then
|
||
|
.B pwdauth
|
||
|
returns the string "\fB##\fIuser\fR" with exit code 0, otherwise exit
|
||
|
code 2 to signal failure. The string "\fB##\fIuser\fR" is also returned
|
||
|
if both the shadow password and the input password are null strings to
|
||
|
allow a password-less login.
|
||
|
.PP
|
||
|
If the salt is not of the form "\fB##\fIuser\fR" then the password is
|
||
|
encrypted and the result of the encryption is returned. If salt and
|
||
|
password are null strings then a null string is returned.
|
||
|
.PP
|
||
|
The return value is written to standard output as a null terminated string
|
||
|
of 1024 characters or less including the null.
|
||
|
.PP
|
||
|
The exit code is 1 on any error.
|
||
|
.SH "SEE ALSO"
|
||
|
.BR crypt (3),
|
||
|
.BR passwd (5).
|
||
|
.SH NOTES
|
||
|
A password must be checked like in this example:
|
||
|
.PP
|
||
|
.RS
|
||
|
pw_ok = (strcmp(crypt(key, pw->pw_passwd), pw->pw_passwd) == 0);
|
||
|
.RE
|
||
|
.PP
|
||
|
The second argument of crypt must be the entire encrypted password and
|
||
|
not just the two character salt.
|
||
|
.SH AUTHOR
|
||
|
Kees J. Bot (kjb@cs.vu.nl)
|