<p>Input to the authenticator is as follows. All items except the
first, which is a single byte, are NUL-terminated strings. The total
length of the input must not exceed 512 bytes. <ol>
<li>Protocol number, 1.
<li>Account name base (i.e. user name).
<li>Account domain name.
<li>List of credentials.
<li>An empty string (i.e. a single NUL byte).</ol></p>
<p>The credentials consist of one of the following:<ul>
<li>For plain login, the password.
<li>For APOP, the timestamp and MD5 digest.
<li>For CRAM-MD5 keyed hashing, as specified in RFC 2095, the
challenge and MD5 digest.</ul></p>
<p>Each module will implement a single type of credential validation.
The invoker will choose which modules to invoke depending on what type
of credentials it needs validated.</p>
<p>The following environment variables may be set by the invoker:<dl>
<dt><tt>SERVICE</tt> <dd>The service name, to be used (for example) by
PAM modules to determine which configuration file to load.</dl></p>
<p>If authentication succeeds, the output from the module is a single
byte success code followed by a list of <a href="facts.html">facts</a>
about the authenticator. The total size of the output must not exceed
<p>If authentication succeeded, the code byte will be 0. If the
credentials are accepted by this module, but are not valid, the code
will be 100 (permanent failure). Any other code indicates a temporary
<p>Each fact consists of a single byte identifying what type of fact
is being reported, followed by a sequence of zero or more non-zero
bytes, terminated by a single NUL byte. A second NUL byte follows the
last fact and indicates the end of the list.</p>
<p>The module must report a temporary error if it detects malformed
input (too few credentials, etc.). Extra input is a fault in the
invoking code, and may produce undefined results.</p>
<p>An executable module must exit 0 if authentication succeeds.
Non-zero exit codes from an executable module should be treated as a
<p>The invoker of an executable module must assume a temporary error
if the module either fails to completely read its input or produces
incomplete output, even if the module exits without error.</p>
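<p>The framing rules above, as an added Python example that is not part of the original specification or the project's own code: it encodes the input packet and parses module output, failing closed to a temporary error on incomplete or malformed output. The function names, the verdict strings and the fact type bytes in the sample are constructed for this example, and no output size limit is enforced because its value does not appear on this page.</p>

```python
PROTOCOL = 1            # protocol number from the input description
MAX_INPUT = 512         # input size limit from the input description
CODE_OK, CODE_PERMANENT = 0, 100


def build_request(user: bytes, domain: bytes, credentials: list) -> bytes:
    """Encode protocol byte, user, domain, credentials and the empty string."""
    fields = [user, domain, *credentials]
    if any(b"\0" in f for f in fields):
        raise ValueError("embedded NUL would split a field")
    if not credentials or b"" in credentials:
        raise ValueError("an empty credential reads as the list terminator")
    packet = bytes([PROTOCOL]) + b"".join(f + b"\0" for f in fields) + b"\0"
    if len(packet) > MAX_INPUT:
        raise ValueError("input exceeds 512 bytes")
    return packet


def parse_response(out: bytes):
    """Return (verdict, facts); verdict names are this example's own."""
    if not out:
        return "temporary", []       # no code byte: incomplete output
    if out[0] == CODE_PERMANENT:
        return "permanent", []
    if out[0] != CODE_OK:
        return "temporary", []       # any other code is temporary
    facts, pos = [], 1
    while True:
        if pos >= len(out):
            return "temporary", []   # list terminator never arrived
        if out[pos] == 0:
            break                    # second NUL: end of the fact list
        end = out.find(b"\0", pos + 1)
        if end == -1:
            return "temporary", []   # fact value is not NUL-terminated
        facts.append((out[pos], out[pos + 1:end]))
        pos = end + 1
    if pos != len(out) - 1:
        return "temporary", []       # trailing bytes: strict choice made here
    return "ok", facts


# Constructed sample output; fact type bytes 1 and 2 are placeholders,
# not values taken from facts.html.
SAMPLE_OK = b"\x00" + b"\x01alice\x00" + b"\x02/home/alice\x00" + b"\x00"

if __name__ == "__main__":
    print(build_request(b"alice", b"example.org", [b"secret"]))
    print(parse_response(SAMPLE_OK))        # complete output
    print(parse_response(SAMPLE_OK[:-1]))   # truncated output fails closed
```

<p>Facts from a truncated list are discarded rather than returned, so an invoker cannot act on a partially written home directory or user name.</p>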
<p>The invoking code should change directory to the named home
directory and drop root privileges as soon as possible after
successful authentication. Where reasonable, the invoking code should
also chroot to the directory for added protection.</p>