./usr/lib/pkgconfig/openssl.pc minix-base crypto
./usr/lib/pkgconfig/sqlite3.pc minix-base
./usr/lib/pkgconfig/zlib.pc minix-base
-./usr/lib/pwdauth minix-base
+./usr/lib/pwdauth minix-base obsolete
./usr/lib/security minix-base
./usr/libdata minix-base
./usr/libdata/debug minix-base
./usr/man/man8/pr_routes.8 minix-man
./usr/man/man8/printroot.8 minix-man
./usr/man/man8/pwd_mkdb.8 minix-man
-./usr/man/man8/pwdauth.8 minix-man
+./usr/man/man8/pwdauth.8 minix-man obsolete
./usr/man/man8/rarpd.8 minix-man
./usr/man/man8/rawspeed.8 minix-man
./usr/man/man8/rdate.8 minix-man
mount mt netconf \
nonamed \
postinstall prep printroot \
- profile progressbar pr_routes pwdauth \
+ profile progressbar pr_routes \
ramdisk rarpd rawspeed readclock \
remsync rget rlogin \
rotate service setup \
+++ /dev/null
-PROG= pwdauth
-BINDIR= /usr/lib
-BINMODE= 4755
-MAN= pwdauth.8
-
-LDADD+=-lcrypt
-
-.include <bsd.prog.mk>
+++ /dev/null
-.SH NAME
-pwdauth \- password authentication program
-.SH SYNOPSIS
-.B /usr/lib/pwdauth
-.SH DESCRIPTION
-.B Pwdauth
-is a program that is used by the
-.BR crypt (3)
-function to do the hard work. It is a setuid root utility so that it is
-able to read the shadow password file.
-.PP
-.B Pwdauth
-expects on standard input two null terminated strings, the
-password typed by the user, and the salt. That is, the two arguments of
-the
-.B crypt
-function. The input read in a single read call must be 1024 characters or
-less including the nulls.
-.B Pwdauth
-takes one of two actions depending on the salt.
-.PP
-If the salt has the form "\fB##\fIuser\fR" then the
-.I user
-is used to index the shadow password file to obtain the encrypted password.
-The input password is encrypted with the one-way encryption function
-contained within
-.B pwdauth
-and compared to the encrypted password from the shadow password file. If
-equal then
-.B pwdauth
-returns the string "\fB##\fIuser\fR" with exit code 0, otherwise exit
-code 2 to signal failure. The string "\fB##\fIuser\fR" is also returned
-if both the shadow password and the input password are null strings to
-allow a password-less login.
-.PP
-If the salt is not of the form "\fB##\fIuser\fR" then the password is
-encrypted and the result of the encryption is returned. If salt and
-password are null strings then a null string is returned.
-.PP
-The return value is written to standard output as a null terminated string
-of 1024 characters or less including the null.
-.PP
-The exit code is 1 on any error.
-.SH "SEE ALSO"
-.BR crypt (3),
-.BR passwd (5).
-.SH NOTES
-A password must be checked like in this example:
-.PP
-.RS
-pw_ok = (strcmp(crypt(key, pw->pw_passwd), pw->pw_passwd) == 0);
-.RE
-.PP
-The second argument of crypt must be the entire encrypted password and
-not just the two character salt.
-.SH AUTHOR
-Kees J. Bot (kjb@cs.vu.nl)
+++ /dev/null
-/* pwdauth 2.0 - check a shadow password Author: Kees J. Bot
- * 7 Feb 1994
- *
- * This program gets as input the key and salt arguments of the crypt(3)
- * function as two null terminated strings. The crypt result is output as
- * one null terminated string. Input and output must be <= 1024 characters.
- * The exit code will be 1 on any error.
- *
- * If the key has the form '##name' then the key will be encrypted and the
- * result checked to be equal to the encrypted password in the shadow password
- * file. If equal than '##name' will be returned, otherwise exit code 2.
- *
- * Otherwise the key will be encrypted normally and the result returned.
- *
- * As a special case, anything matches a null encrypted password to allow
- * a no-password login.
- */
-#define nil 0
-#include <sys/types.h>
-#include <pwd.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-
-#define setkey pwdauth_setkey
-#define encrypt pwdauth_encrypt
-
-#define LEN 1024
-
-int main(int argc, char **argv)
-{
- char key[LEN];
- char *salt;
- struct passwd *pw;
- int n;
-
- /* Read input data. Check if there are exactly two null terminated
- * strings.
- */
- n= read(0, key, LEN);
- if (n < 0) return 1;
- salt = key + n;
- n = 0;
- while (salt > key) if (*--salt == 0) n++;
- if (n != 2) return 1;
- salt = key + strlen(key) + 1;
-
- if (salt[0] == '#' && salt[1] == '#') {
- if ((pw= getpwnam(salt + 2)) == nil) return 2;
-
- /* A null encrypted password matches a null key, otherwise
- * do the normal crypt(3) authentication check.
- */
- if (*pw->pw_passwd == 0 && *key == 0) {
- /* fine */
- } else
- if (strcmp(crypt(key, pw->pw_passwd), pw->pw_passwd) != 0) {
- return 2;
- }
- } else {
- /* Normal encryption. */
- if (*salt == 0 && *key == 0) {
- /* fine */
- } else {
- salt= crypt(key, salt);
- }
- }
-
- /* Return the (possibly new) salt to the caller. */
- if (write(1, salt, strlen(salt) + 1) < 0) return 1;
- return 0;
-}
in the shadow password file. The password in this entry is then used for
authentication of the user. The shadow file can only be read by the
privileged utility
-.BR pwdauth (8),
+.BR pwd_mkdb (8),
so that the encrypted passwords in the shadow file are kept secret, and thus
safe from a dictionary attack.
.SS "Special password and group file entries"
.BR crypt (3),
.BR getpwent (3),
.BR getgrent (3),
-.BR pwdauth (8).
+.BR pwd_mkdb (8).
.SH NOTES
The
.B nobody