Axspawn will check if the peer is an AX.25 connect, the callsign a valid Amateur Radio callsign, strip the SSID, check if UID/GID are valid, allow a password-less login if the password-entry in /etc/passwd is "+" or empty; in every other case login will prompt for a password.
Axspawn can create user accounts automatically. You may specify the user shell, first and maximum user id, group ID in the config file and (unlike WAMPES) create a file "/etc/ax25/ax25.profile" which will be copied to ~/.profile.
Auto accounting is a security problem by definition. Unlike WAMPES, which creates an empty password field, Axspawn adds an "impossible" ('+') password to /etc/passwd. Login gets called with the "-f" option, thus new users have the chance to login without a password. (I guess this won't work with the shadow password system).
Of course axspawn does callsign checking: Only letters and numbers are allowed, the callsign must be longer than 4 characters and shorter than 6 characters (without SSID). There must be at least one digit, and max. two digits within the call. The SSID must be within the range of 0 and 15. Please drop me a note if you know a valid Amateur Radio callsign that does not fit this pattern _and_ can be represented correctly in AX.25.
/etc/passwd
/etc/ax25/ax25.profile
/etc/ax25/axspawn.conf