site_archiver@lists.apple.com Delivered-To: darwin-dev@lists.apple.com Dkim-signature: v=1; a=rsa-sha1; c=relaxed; d=alastairs-place.net; h= subject:mime-version:content-type:from:in-reply-to:date:cc: content-transfer-encoding:message-id:references:to; q=dns/txt; s= aug07; bh=sU+il5kU3NIt7/7sVDPiZlrSKyY=; b=XJNJ6Hagy/CKKUV45lctx1 FqJgPPV66XRjjPRQ49djAh5ZQAHtg0VufISlaIsHi5acAuxj1ymwzT+u2rqFYunv BSvE1HLxUg9963yhW6lxrfi4iMgsETYsKgQjZPk59o8xMomOti25oxG+gWxAllLY qN89yfq1bnWQs28L01qvY= On 30 Dec 2009, at 16:18, Dave Keck wrote:

Directory Services being as painful of an API as it is, perhaps the Security framework is a better route...

I did briefly consider suggesting that, but then realised that it either implies that there is an appropriate right configured in the authorization database. Whether "system.login.tty" is such a right is a matter of debate, I think. One could conceivably create an appropriate right on installation, however---e.g. it might genuinely make sense to create a right "com.example.ftp" or even a whole suite of such rights. Then again, it might be better to do something similar in Open Directory, since the authorization database is presently local (at least, as far as I know... I'd love for that not to be true). Kind regards, Alastair. -- http://alastairs-place.net _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-dev mailing list (Darwin-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-dev/site_archiver%40lists.appl... This email sent to site_archiver@lists.apple.com