Re: Administrator password
Re: Administrator password
- Subject: Re: Administrator password
- From: Terry Lambert <email@hidden>
- Date: Fri, 10 Nov 2006 21:51:54 -0800
On Nov 10, 2006, at 8:46 PM, Jeffrey Ellis wrote:
on 11/10/06 5:05 PM, Dan Shoop at email@hidden wrote:
At 12:08 PM -0800 11/10/06, Jeffrey Ellis wrote:
Is there a way to check if the user has given us the correct
administrator
password?
There isn't necessarily a singular administrator account, and of
course then there's also root.
First you might check to verify that they gave you a admin user by
checking to see if it's a member of the admin group.
Next you can check that the password they gave you is correct with
`chkpasswd`; see it's man page.
Hi, Dan--
That's sounds great, thank you :)
You probably don't want chkpasswd, since it's not runnable from a
script, since it gets its input from the controlling tty, and sets raw
mode, etc. on it to control character echo, and so on.
In general, you do not check passwords, you let PAM check them for you.
The only valid reason for checking a password is for the purpose of
establishing a session on a machine - i.e. if you are loginWindow,
sshd, ftpd, telnetd, /bin/login, or some other program that
establishes a session, or if you are utilizing security frameworks as
a trusted application that's permitted to launch subprocesses as
"root" (which is generally why the Finder ever asks for the admin
passwd; it subsequently effectively runs "sudo").
If you think you need the admin passwd for any other reason, your are
probably mistaken.
Your best bet is to look at the source code to /bin/login, sshd, or
one of the other applications that wires itself into the Mac OS X
infrastructure for starting a session. Realize that to answer your
question, your process will need to be privileged.
-- Terry
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden