Verify user entered password with authentication

Here’s what I’m trying to do. I would like the user to enter their Admin password for the computer. I have them enter it twice to make sure they entered it correctly but what I would like to do is authenticate it against the OS. I need this to avoid the user entering in a wrong password for the computer Admin account.

I do not want the user to be prompted manually using the traditional ‘with administrator privileges’ since I will need to authenticate a couple of times with this password and I don’t want the user to have to come back and continually enter it. Also I need to pass this into a shell script later in the script as well.

Here’s what I cobbled together


set myupname to do shell script "echo $USER"
set questionadmin to "Please enter your COMPUTER PASSWORD for the user account " & myupname & ""
repeat
	set init_pass to text returned of (display dialog questionadmin default answer "" with hidden answer)
	set final_pass to text returned of (display dialog "Please verify and re-type your computer password" buttons {"OK"} default button 1 default answer "" with hidden answer)
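	-- AppleScript ignores case when comparing text unless told otherwise
	considering case
		set passwords_match to (final_pass = init_pass)
	end considering
	if passwords_match then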
		set admin_passwd to final_pass
		exit repeat
	else
		display dialog "Oops, looks like you mis-typed one of your attempts, your password is mismatching, please try again" with icon stop
	end if
end repeat

PLEASE HELP!!!

Hi Jazz-e,

I think what you could do is use Keychain Access to unlock the keychain. Then, you get the password and ask the user to input the password again in your own dialog to verify it. Use the unix ‘security’ command.

I need to review the ‘security’ scripts.

gl,
kel

You’re on the right track with administrator privileges, but did you know you can pass it a username and password?

set myupname to do shell script "echo $USER"
set questionadmin to "Please enter your COMPUTER PASSWORD for the user account " & myupname & ""
repeat
	set init_pass to text returned of (display dialog questionadmin default answer "" with hidden answer)
	set final_pass to text returned of (display dialog "Please verify and re-type your computer password" buttons {"OK"} default button 1 default answer "" with hidden answer)
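	-- AppleScript ignores case when comparing text unless told otherwise
	considering case
		set passwords_differ to (final_pass is not equal to init_pass)
	end considering
	if passwords_differ then
		display dialog "Oops, looks like you mis-typed one of your attempts, your password is mismatching, please try again" with icon stop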
	else
		try
			do shell script "ls" user name myupname password init_pass with administrator privileges
			set admin_passwd to final_pass
			exit repeat
		on error err
			display dialog "Looks like you typed in the wrong password, please try again"
		end try
	end if
end repeat

I’d argue against that. I support users who have a different login.keychain password than their login password

WoggleDog

Thanks so much for the help. Worked like a charm :o

Hi woggledog,

That sounds like a good idea if you need more security. I didn’t know that. Need to do some experimenting.

Thanks a lot,
kel

Don’t get me started with AppleScript and password handling. I’ve had many sleepless nights because of it.

I use entered passwords with pwpolicy and security: Had all sorts of issues passing the entered password to the bash command.

Issues with \ in passwords especially, so I’d do research into using ‘quoted form of’ amongst others

Yeah, I always try to use quotes. What I’m trying to find out is when does the system ask for the admin password if you change the login password. Interesting stuff! :)

gl,
kel
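
An added example, not code from any poster in this thread, combining the two suggestions above: it verifies the password against the OS with the user name and password parameters, and checks whether a password containing a backslash reaches the shell intact with and without quoted form of. The handler names and the sample password are constructed for illustration.

```applescript
-- Added example: handler names and the sample password are constructed.

-- True if the OS accepts userName/pass; userName must be an administrator account.
on passwordIsValid(userName, pass)
	try
		-- /usr/bin/true does nothing, so only the authentication result matters
		do shell script "/usr/bin/true" user name userName password pass with administrator privileges
		return true
	on error
		return false
	end try
end passwordIsValid

-- Returns the text a shell command actually receives for pass.
on shellReceives(pass, useQuotedForm)
	if useQuotedForm then
		set arg to quoted form of pass -- single-quoted, the shell expands nothing
	else
		set arg to "\"" & pass & "\"" -- sh still processes backslash, $ and backquote here
	end if
	return do shell script "printf '%s' " & arg
end shellReceives

-- Round-trip check on a constructed password containing a backslash and a dollar sign
set samplePass to "Tr\\$cky"
set viaNaive to shellReceives(samplePass, false)
set viaQuoted to shellReceives(samplePass, true)
considering case
	set naiveIntact to (viaNaive is equal to samplePass)
	set quotedIntact to (viaQuoted is equal to samplePass)
end considering
display dialog "Double quotes intact: " & naiveIntact & return & "quoted form of intact: " & quotedIntact

-- Ask once, verify against the OS, allow three attempts
set userName to do shell script "echo $USER"
set admin_passwd to missing value
repeat 3 times
	set pass to text returned of (display dialog "Password for " & userName default answer "" with hidden answer)
	if passwordIsValid(userName, pass) then
		set admin_passwd to pass
		exit repeat
	end if
	display dialog "That password was not accepted." buttons {"OK"} default button 1 with icon stop
end repeat
if admin_passwd is missing value then error "Password not verified after 3 attempts"

-- Later privileged steps reuse the verified credentials the same way
do shell script "/usr/bin/id -u" user name userName password admin_passwd with administrator privileges
```

Because the OS check rejects a mistyped password, this version asks for it only once per attempt instead of twice.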