This modernises the kcheckpass utility to stop using the getpass(3) call, which was deprecated in SUSv2, removed from POSIX.1-2001, and deprecated in glibc 2.19. It replaces it with a fully standards compliant getdelim(3) call. This also avoids the need to strdup the password buffer and temporarily have two copies.
I didn't know how pedantic to make it; you could possibly want to check for password != NULL and memset-nul it out in the case of getdelim failure, since it could have read in a partial password but then received EOF before \n. I didn't think this case was very likely so I did not author such a check.