site_archiver@lists.apple.com Delivered-To: darwin-kernel@lists.apple.com On Nov 10, 2006, at 8:46 PM, Jeffrey Ellis wrote: There isn't necessarily a singular administrator account, and of course then there's also root. First you might check to verify that they gave you a admin user by checking to see if it's a member of the admin group. Next you can check that the password they gave you is correct with `chkpasswd`; see it's man page. Hi, Dan-- In general, you do not check passwords, you let PAM check them for you. -- Terry _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-kernel mailing list (Darwin-kernel@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-kernel/site_archiver%40lists.a... on 11/10/06 5:05 PM, Dan Shoop at shoop@iwiring.net wrote: At 12:08 PM -0800 11/10/06, Jeffrey Ellis wrote: Is there a way to check if the user has given us the correct administrator password? That's sounds great, thank you :) You probably don't want chkpasswd, since it's not runnable from a script, since it gets its input from the controlling tty, and sets raw mode, etc. on it to control character echo, and so on. The only valid reason for checking a password is for the purpose of establishing a session on a machine - i.e. if you are loginWindow, sshd, ftpd, telnetd, /bin/login, or some other program that establishes a session, or if you are utilizing security frameworks as a trusted application that's permitted to launch subprocesses as "root" (which is generally why the Finder ever asks for the admin passwd; it subsequently effectively runs "sudo"). If you think you need the admin passwd for any other reason, your are probably mistaken. Your best bet is to look at the source code to /bin/login, sshd, or one of the other applications that wires itself into the Mac OS X infrastructure for starting a session. Realize that to answer your question, your process will need to be privileged. This email sent to site_archiver@lists.apple.com