Xem mẫu

  1. 12.5. Setting Up the Login Process Once you've set up more than one account, the dialog box shown in Figure 12-1 appears whenever you turn on the Mac, whenever you choose Log Out, or whenever the Mac logs you out automatically (Section 12.9.3). But a few extra controls let you, an administrator, set up either more or less security at the login screen—or, put another way, build in less or more convenience. POWER USERS' CLINIC The Secret Account Options Anyone who knows Mac OS X very well might object to one sentence in this section: "If you're an administrator, you can change your own account in any way you like." Because everybody knows that there's one aspect of an account that even an admin can't change: the account's short name. Once that's created, it's yours forever, or at least until you delete the account. Now, you won't find this feature listed on Apple's "300 New Leopard Features" Web page, but it's true: In Leopard, there's now a secret way to pick a different short name. You can't easily change the one you created originally, but you can create another one—shorter, more memorable—that also works when you're logging in or authenticating yourself. To find it, Control-click (or right-click) the account's name in the list at the left side of the Accounts panel in System Preferences. From the shortcut menu, choose Advanced Options. The strange and wonderful Advanced Options panel appears. Right there in the middle is a "Short name" box, but don't edit that; it won't work. Instead, click the + button below the Aliases list. You're offered the chance to type in an alternative short name and then click OK. You can create as many of these aliases as you like. When it's all over, click OK. The next time you log into your Mac, you can use your new, improved short name instead of the old one.
  2. Rejoice that you lived to see the day. Open System Preferences, click Accounts, and then click the Login Options button (Figure 12-12). Here are some of the ways you can shape the login experience for greater security (or greater convenience): Figure 12-11. Top: This dialog box lets you know where to find the deleted account's material, should the need arise. Bottom: The files and settings of accounts you deleted live on, in the Users Deleted Users folder. • Automatic login. This option eliminates the need to sign in at all. It's a timesaving, hassle-free arrangement if only one person uses the Mac, or if one person uses it most of the time. When you choose an account holder's name from this pop-up menu, you're prompted for his name and password. Type it and click OK. From now on, the dialog box shown in Figure 12-1 won't appear at all at startup time. After turning on the machine, you, the specified account holder, zoom straight to your desktop. Of course, only one lucky person can enjoy this express ticket. Everybody else must still enter their names and passwords. (And how can they, since the Mac rushes right into the Automatic person's account at startup time? Answer: The Automatic thing happens only at startup time. The usual login screen appears whenever the current account holder logs out—by choosing Log Out, for example.) • Display login window as. Under normal circumstances, the login screen presents a list of account holders when you power up the Mac, as shown in Figure 12-1. That's the "List of users" option in action.
  3. If you're especially worried about security, however, you might not even want that list to appear. If you turn on "Name and password," each person who signs in must type both his name (into a blank that appears) and his password—a very inconvenient, but more secure, arrangement. Figure 12-12. These options make it easier or harder for people to sign in, offering various degrees of security. By the way: Turning on "Name and password" also lets you sign in as >console, a troubleshooting technique described on Section 10.30.7. It's also one way to sign in with the root account (Section 16.9), once you've activated it. • Show the Restart, Sleep, and Shut Down buttons. Truth is, the Mac OS X security system is easy to circumvent. Truly devoted evildoers can bypass the standard login screen in a number of different ways: restart in FireWire disk mode, restart at the Unix Terminal, and so on. Suddenly, these no-goodniks have full access to every document on the machine, blowing right past all of the safeguards you've so carefully established. One way to thwart them is to use FileVault (Section 12.9.2). Another is to turn off this checkbox. Now there's no Restart or Shut Down button to tempt mischief- makers. That's plenty of protection in most homes, schools, and workplaces; after all, Mac people tend to be nice people. But if you worry that somebody with a pronounced mean streak might restart simply by pulling the plug, then either use FileVault or set the Open Firmware password, as described in the box below. • Show Input menu in login window. If the Input menu (Section 9.13.3) is available at login time, it means that people who use non-U.S. keyboard layouts and alphabets can use the login features without having to pretend to be American.(It also means that you have a much wider universe of difficult-to-guess passwords, since your password can be in, for example, Japanese characters. Greetings, Mr. Bond-san.) POWER USERS' CLINIC The Firmware Password After all this discussion of security and passwords, it may come as a bit of a shock to learn that enterprising villains can bypass all of Mac OS X's security features in 10 seconds. If you haven't turned on FileVault, their nefarious
  4. options include using the Unix console described in Appendix B, using FireWire disk mode (Section 6.2), and so on. But there is one way to secure your Mac completely: by using the very secret, little known Firmware Password program. It's on your original Leopard DVD, in the Applications Utilities folder, just where it's been in previous Mac OS X versions—but in 10.5, Apple has made it invisible. Use TinkerTool (Section 17.1) to make the Finder show all hidden files and folders; then insert your Leopard DVD. Open the Applications Utilities folder that has magically appeared. You'll find the Firmware Password program inside. (On pre-Intel Macs, it's called Open Firmware Password. For the purposes of the features described here, however, it works identically.) When you run this utility, turn on "Require password to change firmware settings," as shown here. Then make up a master password that's required to start up from anything but the internal drive. Next, you're asked for an administrator's password. Finally, a message tells you, "The settings were successfully saved." Restart the Mac. From now on, whenever you attempt to start up in anything but the usual way, you're asked to type the Open Firmware password. For example, you see it when you press the C key to start up from a CD, or when you press Option to choose a different startup disk or partition. None of the usual startup-key tricks work. Holding down the C key to start up from a CD, holding down N to start up from a NetBoot server, pressing T to start up in Target Disk Mode, pressing D to start up from the installation DVD in diagnostic mode, pressing -V to start up in Verbose mode, -S to start up in Single-user mode, -Option-P-R key to reset the parameter RAM, pressing Option to start up from a different system disk, pressing Shift to enter Safe Boot mode—none of it works without the master Open Firmware Password.
  5. • • Show password hints. As described earlier, Mac OS X is kind enough to display your password hint ("middle name of the first person who ever kissed me") after you've typed it wrong three times when trying to log in. This option lets you turn off that feature for an extra layer of security. The hint will never appear. • Use VoiceOver at login window. The VoiceOver feature (Section is all well and good if you're blind. But how are you supposed to log in? Turn on this checkbox, and VoiceOver speaks the features on the Login panel, too. • Enable fast user switching. This feature lets you switch to another account without having to log out of the first one, as described on Section 12.8. • View as. If you do, in fact, turn on Fast User Switching, a new menu appears at the upper-right corner of your screen, listing all the account holders on the machine. Thanks to this pop-up menu, you can now specify what that menu looks like. It can display the current account holder's full name (Name), the short name (Short Name), or only a generic torso-silhouette icon (Icon) to save space on the menu bar.