$hash = &generate_hash( $USER, $passwd );
    # ... confirm via hash
    my $ok = $hash eq $USER->{passwd_hash};
    # if the hash-compare failed and the user still has a password, use that:
    if (defined $USER->{passwd}) {
        ... confirm via passwd
    }