--- /dev/null
+#
+if ( grep calling-user /etc/userv/checkpasswd-service-users
+ & glob service-user root
+ )
+ reset
+ no-set-environment
+ disconnect-hup
+ execute checkpasswd-service
+fi
--- /dev/null
+#!/usr/bin/perl -w
+use strict;
+use IO::File;
+use Fcntl qw(:flock);
+
+die "$0: bad usage\n" unless @ARGV==1 && $ARGV[0] !~ m/^-/;
+my $username = shift @ARGV;
+$username = $ENV{'USERV_USER'} if $username eq 'SELF';
+
+sub result {
+ print "@_\n" or die $!;
+ exit 0;
+}
+
+my @pwent = getpwnam($username);
+result 4, "no such user" unless @pwent;
+
+my $encrpw= $pwent[1];
+result 5, "password disabled" unless length $encrpw >= 13;
+
+$!=0; my $pw = <STDIN>;
+chomp $pw or die "reading password: $!\n";
+
+my $lockpath = "/var/run/checkpasswd.synch";
+my $lockf = new IO::File $lockpath, "w+" or die "open $lockpath: $!\n";
+flock($lockf, LOCK_EX) or die "lock $lockpath: $!\n";
+select(undef,undef,undef,0.5);
+close $lockf;
+
+my $crval = crypt($pw,$encrpw);
+
+result 2, "incorrect password" unless $crval eq $encrpw;
+
+result 0, "ok";