site_archiver@lists.apple.com Delivered-To: darwin-kernel@lists.apple.com Thread-index: AccGn/hgNrwi4nKTEduLIQANk0QgEg== Thread-topic: Administrator password User-agent: Microsoft-Entourage/11.2.5.060620 on 11/10/06 9:51 PM, Terry Lambert at tlambert@apple.com wrote:

You probably don't want chkpasswd, since it's not runnable from a script, since it gets its input from the controlling tty, and sets raw mode, etc. on it to control character echo, and so on.

In general, you do not check passwords, you let PAM check them for you.

The only valid reason for checking a password is for the purpose of establishing a session on a machine - i.e. if you are loginWindow, sshd, ftpd, telnetd, /bin/login, or some other program that establishes a session, or if you are utilizing security frameworks as a trusted application that's permitted to launch subprocesses as "root" (which is generally why the Finder ever asks for the admin passwd; it subsequently effectively runs "sudo").

If you think you need the admin passwd for any other reason, your are probably mistaken.

Your best bet is to look at the source code to /bin/login, sshd, or one of the other applications that wires itself into the Mac OS X infrastructure for starting a session. Realize that to answer your question, your process will need to be privileged.

-- Terry

Thanks for the heads up, Terry. I'll keep this all in mind. All My Best, Jeffrey _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-kernel mailing list (Darwin-kernel@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-kernel/site_archiver%40lists.a... This email sent to site_archiver@lists.apple.com