checkpassword - check a password
reads descriptor 3 through end of file and then closes
descriptor 3. There must be at most 512 bytes of data before end of file.
The information supplied on descriptor 3 is a login name terminated by \0, a
password terminated by \0, a timestamp terminated by \0, and possibly more
data. There are no other restrictions on the form of the login name, password,
If the password is unacceptable, checkpassword
exits 1. If
is misused, it may instead exit 2. If there is a
temporary problem checking the password, checkpassword
If the password is acceptable, checkpassword
consists of one or more arguments.
There are other tools that offer the same interface as checkpassword
Applications that use checkpassword
are encouraged to take the
name as an argument, so that they can be used with
Note that these tools do not follow the getopt
(3) interface. Optional
features are controlled through (1) the tool name and (2) environment
checks the login name and password against
, using the operating system's getpwnam
(3) functions, supplemented by getspnam
. It rejects
accounts with empty passwords. It ignores the timestamp.
-compatible tools have different interpretations of
login names, passwords, and timestamps. Both the login name and the password
should be treated as secrets by the application calling checkpassword
the only distinction is for administrative convenience. The timestamp should
include any other information that the password is based on; for example, the
challenge in a challenge-response system such as APOP.
is inherently unreliable. It fails to
distinguish between temporary errors and nonexistent users. Future versions of
(3) should return ETXTBSY to indicate temporary errors and
ESRCH to indicate nonexistent users.
Before invoking prog
sets up $USER
, its supplementary groups, its gid, its uid, and
its working directory.
-compatible tools may make different changes to the
process state. It is crucial for these effects to be documented; different
applications have different requirements.