The information supplied on descriptor 3 is a login name terminated by \0, a password terminated by \0, a timestamp terminated by \0, and possibly more data. There are no other restrictions on the form of the login name, password, and timestamp.
If the password is unacceptable, checkpassword exits 1. If checkpassword is misused, it may instead exit 2. If there is a temporary problem checking the password, checkpassword exits 111.
If the password is acceptable, checkpassword runs prog. prog consists of one or more arguments.
Note that these tools do not follow the getopt(3) interface. Optional features are controlled through (1) the tool name and (2) environment variables.
Other checkpassword-compatible tools have different interpretations of login names, passwords, and timestamps. Both the login name and the password should be treated as secrets by the application calling checkpassword; the only distinction is for administrative convenience. The timestamp should include any other information that the password is based on; for example, the challenge in a challenge-response system such as APOP.
WARNING: getpwnam is inherently unreliable. It fails to distinguish between temporary errors and nonexistent users. Future versions of getpwnam(3) should return ETXTBSY to indicate temporary errors and ESRCH to indicate nonexistent users.
Other checkpassword-compatible tools may make different changes to the process state. It is crucial for these effects to be documented; different applications have different requirements.