site_archiver@lists.apple.com Delivered-To: darwin-kernel@lists.apple.com I'm trying to set things up in a manner that is more convenient for a user who is allowed to administer the computer. Sort of like how the OS used to require you to authorize constantly to do just about anything, then things were made easier for users who are designated administrators, so they only have to authenticate to perform tasks that actually alter the system. It sounds like you should integrate with Authorization Services. <http://developer.apple.com/technotes/tn2002/tn2095.html> <http://developer.apple.com/samplecode/AuthForAll/AuthForAll.html> S+E -- Quinn "The Eskimo!" <http://www.apple.com/developer/> Apple Developer Technical Support * Networking, Communications, Hardware _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-kernel mailing list (Darwin-kernel@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-kernel/site_archiver%40lists.a... At 9:04 -0700 19/4/05, Eric Long wrote: Because the OS caches the users credentials when they log in, you can create a custom right specification that requires the user be part of the admin group, and that right specification will benefit from the cached credentials. And, if the user, or a sit admin, doesn't like your default right specification, they can change it. This email sent to site_archiver@lists.apple.com