Mac OS X Snow Leopard: The Missing Manual (Missing Manuals)


12.5. Setting Up the Login Process

Once you've set up more than one account, the dialog box shown in Figure 12-1 appears whenever you turn on the Mac, whenever you choose Log Out, or whenever the Mac logs you out automatically (Section 12.11.3). But a few extra controls let you, an administrator, set up either more or less security at the login screen or, put another way, build in less or more convenience:

Open System Preferences, click Accounts, and then click the Login Options button (Figure 12-11). Here are some of the ways you can shape the login experience for greater security (or greater convenience).

  • Automatically log in as. This option eliminates the need to sign in at all. It's a time-saving, hassle-free arrangement if only one person uses the Mac, or if one person uses it most of the time.

    When you choose an account holder's name from this pop-up menu, you're prompted for his name and password. Type it and click OK.

    From now on, the dialog box shown in Figure 12-1 won't appear at all at startup time. After turning on the machine, you, the specified account holder, will zoom straight to your desktop.

    Of course, only one lucky person can enjoy this express ticket. Everybody else must still enter their names and passwords. (And how can they, since the Mac rushes right into the Automatic person's account at startup time? Answer: The Automatic thing happens only at startup time. The usual login screen appears whenever the current account holder logs out, by choosing Log Out, for example.)

  • Display login window as. Under normal circumstances, the login screen presents a list of account holders when you power up the Mac, as shown in Figure 12-1. That's the "List of users" option in action.

    If you're especially worried about security, however, you might not even want that list to appear. If you turn on "Name and password," each person who signs in must type both his name (into a blank that appears) and his password: a very inconvenient, but more secure, arrangement.

    Figure 12-11. These options make it easier or harder for people to sign in, offering various degrees of security. By the way: Turning on "List of users" also lets you sign in as >console, a troubleshooting technique described in Section B.9.2. It's also one way to sign in with the root account (Section 12.9), once you've activated it.

  • Show the Restart, Sleep, and Shut Down buttons. If you haven't turned on FileVault (Section 12.11.2), the Mac OS X security system is easy to circumvent. Truly devoted evildoers can bypass the standard login screen in a number of different ways: restart in Mac OS 9, restart in FireWire Disk Mode, restart at the Unix Terminal, and so on. Suddenly, these no-goodniks have full access to every document on the machine, blowing right past all of the safeguards you've so carefully established. (As noted earlier, using FileVault closes all of these back doors and more.)

    One way to thwart them is to turn off this checkbox. Now there's no Restart or Shut Down button to tempt mischief-makers. That's plenty of protection in most homes, schools, and workplaces; after all, Mac people tend to be nice people.

    But if you worry that somebody with a pronounced mean streak might restart simply by pulling the plug, then either use FileVault or set the Open Firmware password, as described in the box in Section 12.6.

  • Show Input menu in login window. If the Input menu (Section 4.6) is available at login time, it means that people who use non-U.S. keyboard layouts and alphabets can use the login features without having to pretend to be American. (It also means that you have a much wider universe of difficult-to-guess passwords, since your password can be in, for example, Japanese characters. Greetings, Mr. Bond-san.)

    POWER USERS CLINIC

    The Open Firmware Password

    After all this discussion of security and passwords, it may come as a bit of a shock to learn that enterprising villains can bypass all of Mac OS X's security features in 10 seconds. If you haven't turned on FileVault, their nefarious options include restarting the Mac with a Mac OS 9 CD in the drive, using the Unix console described in Appendix B, using FireWire disk mode (Section 7.2.1), and so on.

    But there is one way to secure your Mac completely: by using the Open Firmware Password program. (It's on your original Tiger DVD, in the Applications→Utilities folder.)

    Once you've turned on Open Firmware Password protection, none of the usual startup-key tricks works. Holding down the C key to start up from a CD, holding down N to start up from a NetBoot server, pressing T to start up in Target Disk Mode, ⌘-V to start up in Verbose mode, ⌘-S to start up in Single-user mode, ⌘-Option-P-R to reset the parameter RAM, pressing Option to start up from a different system disk: none of it works without the master Open Firmware Password.

    When you run this little utility, you turn on a checkbox called "Require password to change Open Firmware settings," as shown here. Then you make up a master password that's required even to turn the Mac on.

    This password is deadly serious and unhackable, and there's no back door. If you forget the Open Firmware password, you can't change the startup disk ever again. Even Apple can't help you out of that situation.

    Once you've entered a password into both boxes, you're asked for an administrator's password. Finally, a message tells you that, "The settings were successfully saved." Restart the Mac.

    From now on, whenever you attempt to start up in anything but the usual way (primary hard drive, standard login screen), you're asked to type in the Open Firmware password. For example, you see it when you press the C key to start up from a CD, or when you press Option to choose a different startup disk or partition.

    No amount of clever restarting or inserting of disks can get past this heavily armed gatekeeper.

  • Use VoiceOver at login window. The VoiceOver feature (Section 15.5.1.1) is all well and good if you're blind. But how are you supposed to log in? Turn on this checkbox, and VoiceOver will speak the features on the Login panel, too.

  • Show password hints. As described earlier, Mac OS X is kind enough to display your password hint ("middle name of the first person who ever kissed me") after you've typed it wrong three times when trying to log in. This option lets you turn off that feature for an extra layer of security. The hint will never appear.

  • Enable Fast User Switching. This feature lets you switch to another account without having to log out of the first one, as described in Section 12.7.

  • View as. If you do, in fact, turn on Fast User Switching, a new menu appears at the upper-right corner of your screen, listing all the account holders on the machine. Thanks to this new Tiger pop-up menu, you can now specify what that menu looks like. It can display the current account holder's full name (Name), the short name (Short Name), or only a generic torso-silhouette icon (Icon) to save space on the menu bar.
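An administrator who looks after several Macs can check the same Login Options from Terminal instead of opening System Preferences on each one. The script below is an added example, not part of the book; it assumes the settings are stored in /Library/Preferences/com.apple.loginwindow under the key names shown (autoLoginUser, SHOWFULLNAME, PowerOffDisabled, RetriesUntilHint), which you should confirm on your own Mac OS X version.

```shell
#!/bin/sh
# Added example: audit the Login Options pane from the command line.
# Assumption: the pane stores its settings in this plist under the
# key names used below; confirm them on your Mac OS X version.
PLIST=/Library/Preferences/com.apple.loginwindow

# Print the value of one preference key, or nothing if the key is unset.
read_pref() { defaults read "$PLIST" "$1" 2>/dev/null || true; }

# Describe each convenience-over-security setting on stderr and print
# the number of such settings on stdout.
count_weak_login_options() {
  findings=0
  flag() { echo "WEAK: $1" >&2; findings=$((findings + 1)); }

  # "Automatically log in as": any account name here skips the login
  # screen at startup.
  auto=$(read_pref autoLoginUser)
  [ -n "$auto" ] && flag "automatic login is enabled for '$auto'"

  # "Display login window as": 1 means "Name and password"; anything
  # else shows the list of account holders.
  [ "$(read_pref SHOWFULLNAME)" = "1" ] ||
    flag "login window shows the list of users"

  # "Show the Restart, Sleep, and Shut Down buttons": 1 hides them.
  [ "$(read_pref PowerOffDisabled)" = "1" ] ||
    flag "Restart, Sleep, and Shut Down buttons are shown"

  # "Show password hints": a value above 0 shows the hint after that
  # many wrong passwords. An unset key is not judged here.
  hint=$(read_pref RetriesUntilHint)
  [ -n "$hint" ] && [ "$hint" != "0" ] &&
    flag "password hint appears after $hint failed attempts"

  echo "$findings"
}
```

Run `count_weak_login_options` after sourcing the file; a result of 0 means all four settings are at their more secure choice.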

DON'T PANIC

The Case of the Forgotten Password

Help, I forgot my password! And I never told it to anybody, so even the administrator can't help me!

No problem. Your administrator can simply open up System Preferences, click Accounts, click the name of the person who forgot the password, and then click Reset Password to re-establish the password.

But you don't understand. I am the administrator! And I'm the only account!

Aha, that's a different story. All right, no big deal. At the login screen, type a gibberish password three times. On the last attempt, the Mac will offer you the chance to reset the password. All you have to do is type in your master password (Section 12.11.2) to prove your credentials.

Um, I never set up a master password.

All right then. That's actually good news, because it means you didn't turn on FileVault. (If you had, and you'd also forgotten the master password, your account would now be locked away forever.)

Insert the Mac OS X CD. Restart the Mac while pressing down the letter C key, which starts up the Mac from the CD and launches the Mac OS X installer.

On the first installer screen, choose Installer→Reset Password. When the Reset Password screen appears, click the hard drive that contains Mac OS X. From the first pop-up menu, choose the name of your account. Now make up a new password and type it into both boxes. Click Save, close the window, click the installer, and restart.

And next time, be more careful! Write down your password on a Post-it note and affix it to your monitor. (Joke: that's a joke!)
