# File lib/devise_unix2_chkpwd_authenticatable/model.rb, line 20
      def unix2_chkpwd(login, passwd)
        # do not log authentication token when sent via HTTP Basic auth as user name
        # see https://github.com/plataformatec/devise/blob/master/lib/devise/strategies/token_authenticatable.rb#L10
        log_name = login && login.size == 20 && (passwd == "" || passwd == "X") ? "[FILTERED]" : login
        Rails.logger.info "*** UNIX2_CHKPWD: checking password for user #{log_name.inspect}"

        success = nil

        # check Ruby version
        if RUBY_VERSION.match /^1.8/
          # open3 does not return the exit status correctly
          # use echo to print it to stdout
          Open3.popen3("/sbin/unix2_chkpwd passwd '#{escape_quotes login}'; echo $?") do |stdin, stdout, stderr|
            stdin.write passwd
            stdin.close
            error = stderr.read
            Rails.logger.error "*** UNIX2_CHKPWD: Password check failed: #{error}" unless error.empty?
            success = stdout.read == "0\n"
         end
        else
          # Ruby 1.9 (or higher)
          Open3.popen3("/sbin/unix2_chkpwd", "passwd", login) do |stdin, stdout, stderr, wait_thr|
            stdin.write passwd
            stdin.close
            error = stderr.read
            Rails.logger.error "*** UNIX2_CHKPWD: Password check failed: #{error}" unless error.empty?
            success = wait_thr.value.exitstatus == 0
          end
        end

        return success
      end