I am writing a script that prompts the logged-in user for their password using CocoaDialog in order to initiate FileVault 2 encryption.
Ideally, I’d like to verify that the password is correct, but I haven’t found a good way to do so. I tried spawning /usr/libexec/chkpasswd via the subprocess module, but it seems to hit return before I can pass the password to stdin. (I just get “Sorry”, which is the stdout for a wrong password.)
I briefly looked at pexpect, but I’d like to do this without third-party tools in order to keep deployment simple.
All Macs would be running OS X 10.8.2.
A quick look around digs up this: the Darwin source for PAM authentication in chkpasswd. It looks like chkpasswd is using its own sub-TTY to get your password:
[and then more PAM-specific code to see if the password works out.]
This is good for security, but bad for you: there won’t be any way you can use I/O redirection to send over the password. Depending on how pexpect works, it might even not be able to do it: it might keep sending input to the TTY in which chkpasswd is running rather than to the sub-terminal. I don’t know enough about the wiring of each of those components to give a guess without testing it out.
I know this doesn’t really solve your question, but I thought it would be worth noting.
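
The behaviour discussed in the answer above, as an added example that is not part of the original thread: a constructed stand-in child that reads its password from /dev/tty ignores a piped stdin, but can be answered through a pseudo-terminal from Python's standard-library `pty` module. The child script, the secret and the function names `via_pipe` and `via_pty` are assumptions for illustration; chkpasswd itself is not run here.

```python
import os
import pty
import subprocess
import sys

# Constructed stand-in for a tool that reads its secret from the controlling
# terminal, never from stdin. Exit 0 = match, 1 = wrong password, 2 = no terminal.
CHILD = r'''
import os, sys, termios
try:
    fd = os.open("/dev/tty", os.O_RDWR)
except OSError:
    sys.exit(2)
old = termios.tcgetattr(fd)
new = termios.tcgetattr(fd)
new[3] &= ~termios.ECHO                        # no echo, as password prompts do
termios.tcsetattr(fd, termios.TCSAFLUSH, new)  # also discards input sent too early
os.write(fd, b"Password:")
line = os.read(fd, 1024)
termios.tcsetattr(fd, termios.TCSAFLUSH, old)
sys.exit(0 if line.rstrip(b"\r\n") == b"correct-horse" else 1)  # constructed secret
'''

def via_pipe(password):
    """Pipe the password to stdin; the child runs in a session with no terminal."""
    proc = subprocess.run([sys.executable, "-c", CHILD],
                          input=password.encode() + b"\n", start_new_session=True)
    return proc.returncode

def via_pty(password):
    """Give the child a pseudo-terminal and answer its prompt on the master side."""
    pid, master = pty.fork()
    if pid == 0:  # child: the pty slave is now its controlling terminal
        os.execv(sys.executable, [sys.executable, "-c", CHILD])
    seen = b""
    try:
        while b"Password:" not in seen:  # wait for the prompt before writing
            chunk = os.read(master, 1024)
            if not chunk:
                break
            seen += chunk
        os.write(master, password.encode() + b"\n")
    except OSError:
        pass  # child exited early; its exit status below reports why
    _, status = os.waitpid(pid, 0)
    os.close(master)
    return os.WEXITSTATUS(status)

if __name__ == "__main__":
    print(via_pipe("correct-horse"), via_pty("correct-horse"), via_pty("wrong"))
```

Waiting for the prompt matters: the child changes terminal settings with `TCSAFLUSH`, so anything written to the pty before the prompt appears is thrown away.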