The basic idea behind RADIUS is that it does store passwords in cleartext - therefore, most knowledgeable users will be able to read the users file with administrator-level privileges. However, I do not let Praetorian run with admin-level privileges, and I wouldn’t have come this far if I would put all sensitive material in a list.
Praetorian uses Core Data. The interface you see here, is the hard work done and the data views (the tableview, the search field, etc.) made with rapid prototyping. I have a special password assistant for the full version that takes all the work out of your hands and works with the regular system-wide ‘password assistant’ and keychain.

You might also notice the ‘clients’ section doesn’t work and is actually a copy of the ‘users’ custom view, but that’s beside the point. I wanted to illustrate the interface and put it out there.

However, my readers can convince me anything. I -do- have ethical questions not abiding by HIG’s. I have my doubts about my own dark tableviews (all previous builds had ‘normal’ tableviews). The interface also takes a generous slice of the time going into the project, but I don’t feel like it’s wasteful - if I ever have to dump it and go with unified metal, then ah, we’ll just make the assistants pretty ;).

On a side note, my awful English is hopefully something that will be resolved in the beta’s and localisations where I will be having a venerable army of grammar nazi’s to my disposal (not implying that you are a grammar nazi, but it’s come up before in contexts like ‘Stop using ‘it’s’ for possesive, for god’s sake!’).

Thanks a lot for the input based on solely a screenshot. If you want in on testing, just let me know. I appreciate your feedback a lot..

From a functional point of view, the list of visible passwords bugs me. At the very least, seeing passwords should require an admin password to be entered, along the lines of Keychain Access. This at least reduces the chance that someone might walk past and see them.

But really, having user passwords available to the administrator at all is bad and wrong; all the admin needs is to be able to reset the password as necessary. Users tend to reuse passwords, no matter how much you tell them not to, and entrusting admins with access to users’ passwords is thus a clear security problem. I suppose this could be a flaw in the underlying protocol, though.