one of the documented procedures in this installation of the ACS
ad_check_password   db   user_id   password_from_form
What it does:
Returns 1 if the password is correct for the given user ID.
Defined in: /web/philip/packages/acs-core/security-procs.tcl

Source code:

    set selection [ns_db 0or1row $db "
        select password
        from users
        where user_id = $user_id
        and user_state='authorized'

    if {$selection == ""} {
	return 0


    # If we are encrypting passwords in the database, convert so we can compare
    if  [ad_parameter EncryptPasswordsInDBP "" 0] { 
	set password_from_form [ns_crypt $password_from_form [ad_crypt_salt]]

    if { [string compare [string toupper $password_from_form] [string toupper $password]] } {
	return 0

    return 1