auth.sh is a simple client credentials file that holds arguments that are passed to winexe in Michael's scripts.
It looks something like:
UNAME='<username>'
WRKGRP='<domain/workgroup>'
PWD='<password>'
Change the ownership and permissions so that it's only readable by the backuppc user.
Did you read the (legacy) documentation page that explains the execution chain? That early version has those variables embedded in the preusercmd.sh but it was a bit insecure, so it was put into an external file.