2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * Created: Sat Mar 18 05:11:38 1995 ylo
6 * Password authentication. This file contains the functions to check whether
7 * the password is valid for the user.
11 RCSID("$Id: auth-passwd.c,v 1.14 1999/12/29 12:47:46 markus Exp $");
19 * Tries to authenticate the user using password. Returns true if
20 * authentication succeeds.
23 auth_password(struct passwd * pw, const char *password)
25 extern ServerOptions options;
26 char *encrypted_password;
28 /* deny if no user. */
31 if (pw->pw_uid == 0 && options.permit_root_login == 2)
33 if (*password == '\0' && options.permit_empty_passwd == 0)
37 if (options.skey_authentication == 1) {
38 int ret = auth_skey_password(pw, password);
39 if (ret == 1 || ret == 0)
41 /* Fall back to ordinary passwd authentication. */
45 if (options.kerberos_authentication == 1) {
46 int ret = auth_krb4_password(pw, password);
47 if (ret == 1 || ret == 0)
49 /* Fall back to ordinary passwd authentication. */
53 /* Check for users with no password. */
54 if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0)
56 /* Encrypt the candidate password using the proper salt. */
57 encrypted_password = crypt(password,
58 (pw->pw_passwd[0] && pw->pw_passwd[1]) ? pw->pw_passwd : "xx");
60 /* Authentication is accepted if the encrypted passwords are identical. */
61 return (strcmp(encrypted_password, pw->pw_passwd) == 0);