checkpassword - check a password
reads descriptor 3 through end of file and then closes descriptor 3.
There must be at most 512 bytes of data before end of file.
The information supplied on descriptor 3 is a login name terminated by \0,
a password terminated by \0, a timestamp terminated by \0, and possibly
There are no other restrictions on the form of the login name, password,
If the password is unacceptable,
it may instead exit 2.
If there is a temporary problem checking the password,
If the password is acceptable,
consists of one or more arguments.
There are other tools that offer the same interface as
Applications that use
are encouraged to take the
name as an argument,
so that they can be used with different tools.
Note that these tools do not follow the
Optional features are controlled through (1) the tool name and (2)
THE PASSWORD DATABASE
checks the login name and password against
using the operating system's
functions, supplemented by
It rejects accounts with empty passwords.
It ignores the timestamp.
tools have different interpretations of login names, passwords, and
Both the login name and the password should be treated as secrets by the
the only distinction is for administrative convenience.
The timestamp should include any other information that the password is
based on; for example, the challenge in a challenge-response system such as
is inherently unreliable.
It fails to distinguish between temporary errors and nonexistent users.
Future versions of
should return ETXTBSY to indicate temporary errors and ESRCH to indicate
its supplementary groups,
and its working directory.
tools may make different changes to the process state.
It is crucial for these effects to be documented; different applications
have different requirements.