\fIpw_auth\fR invokes the administrator defined functions for a given user\&.
.PP
\fIcommand\fR is the name of the authentication program\&. It is retrieved from the user's password file information\&. The string contains one or more executable file names, delimited by semi\-colons\&. Each program will be executed in the order given\&. The command line arguments are given for each of the reasons listed below\&.
.PP
\fIuser\fR is the name of the user to be authenticated, as given in the \fI/etc/passwd\fR file\&. User entries are indexed by username\&. This allows non\-unique user IDs to be present and for each different username associated with that user ID to have a different authentication program and information\&.
.PP
Each of the permissible authentication reasons is handled in a potentially differenent manner\&. Unless otherwise mentioned, the standard file descriptors 0, 1, and 2 are available for communicating with the user\&. The real user ID may be used to determine the identity of the user making the authentication request\&. \fIreason\fR is one of:
.TP
\fIPW_SU\fR
Perform authentication for the current real user ID attempting to switch real user ID to the named user\&. The authentication program will be invoked with a \fB\-s\fR option, followed by the username\&.
.TP
\fIPW_LOGIN\fR
Perform authentication for the named user creating a new login session\&. The authentication program will be invoked with a \fB\-l\fR option, followed by the username\&.
.TP
\fIPW_ADD\fR
Create a new entry for the named user\&. This allows an authentication program to initialize storage for a new user\&. The authentication program will be invoked with a \fB\-a\fR option, followed by the username\&.
.TP
\fIPW_CHANGE\fR
Alter an existing entry for the named user\&. This allows an authentication program to alter the authentication information for an existing user\&. The authentication program will be invoked with a \fB\-c\fR option, followed by the username\&.
.TP
\fIPW_DELETE\fR
Delete authentication information for the named user\&. This allows an authentication program to reclaim storage for a user which is no longer authenticated using the authentication program\&. The authentication program will be invoked with a \fB\-d\fR option, followed by the username\&.
.TP
\fIPW_TELNET\fR
Authenticate a user who is connecting to the system using the \fItelnet\fR command\&. The authentication program will be invoked with a \fB\-t\fR option, followed by the username\&.
.TP
\fIPW_RLOGIN\fR
Authenticate a user who is connecting to the system using the \fIrlogin\fR command\&. The authentication program will be invoked with a \fB\-r\fR option, followed by the username\&.
.TP
\fIPW_FTP\fR
Authenticate a user who is connecting to the system using the \fIftp\fR command\&. The authentication program will be invoked with a \fB\-f\fR option, followed by the username\&. The standard file descriptors are not available for communicating with the user\&. The standard input file descriptor will be connected to the parent process, while the other two output file descriptors will be connected to \fI/dev/null\fR\&. The \fIpw_auth\fR function will pipe a single line of data to the authentication program using file descriptor 0\&.
.TP
\fIPW_REXEC\fR
Authenticate a user who is connecting to the system using the \fIrexec\fR command\&. The authentication program will be invoked with a \fB\-x\fR option, followed by the username\&. The standard file descriptors are not available for communicating with the remote user\&. The standard input file descriptor will be connected to the parent process, while the other two output file descriptors will be connected to \fI/dev/null\fR\&. The \fIpw_auth\fR function will pipe a single line of data to the authentication program using file descriptor 0\&.
The last argument is the authentication data which is used by the \fIPW_FTP\fR and \fIPW_REXEC\fR reasons\&. It is treated as a single line of text which is piped to the authentication program\&. When the reason is \fIPW_CHANGE,\fR the value of \fIinput\fR is the value of previous user name if the user name is being changed\&.