if you want to select form a list of users, then get them to enter their password, then there is no way round it, you are going to have to get your fingers durty with some vb code.
There are some alternatives to your design methodology, and that would be to pick up the users network logon - try doign a search for network logons int he access forum for more details.
Access has its own security model built into it, it has many strengths, however it is not soemthing to be implemnted without a great deal of background reading and understanding. Nor is it as secure as server based security models that you get using SQL server, MySQL etc... A word of caution before implemtning any security schem make certain that you fully understand what you are doing, before you do it, and always make your changes to a non cirtical system or backup, just in case it goes wrong. Its easy to recover from a backup, it isn't easy if you nuke your production db. and you can truly nuke your application by applying security incorrectly. Another quirk is that th esecurity is attached to a workgroup file (but access can be opened wothout that workgroupfile, and in some circumstances open the rest of your applciation because the default user has admin privilege
I'd also think long and hard about what you are trying to secure, ie whqat are you protecting against. if your application requires strong security then its probable that Access (using its default data source JET) is not the cioorrect solution. If you want to deter rather than lock out Access workgroup security works fine. It (JET) is not for mission critical data. You cna help secure the app by never letting users get their sticky fingers on a design master of the applications - deploy the aapp as an MDE (encrypted) so they can't circumvent the security so easily.
enough of the rant
to answer your question
you can use workgroup security to extract a list of users. you can examine the secuity onject and extract all the users. - you could write those to a combobox, and then request a password.
you then knwo who the user is - however you can't assign that user to to the currentuser() - you would need to store that user seperately from that, reload it if you have to break on debug. (IzyRiders's user class may be a good starting point for you there).
a starting point look on the web / MSDn for the FAQ on applying access security
look on this forums for the various methods of applying security in the access forum (PKStormy has some functions, as does IzyRider amongst others.
think very very carefully what you are trying to protect.
consider ditching the requirement for separate logon in Access and "just" use their network logon - this assumes of course that your users never leave their desk with their PC logged on to the network and accessible.
I'd rather be riding on the Tiger 800 or the Norton