On Oct 5, 2011, at 11:34 AM, Scott Roebuck wrote: > 10.7 (Lion) will by default, no longer allow anyone except the current > console user to dismiss an active password protected screen saver. In > previous versions of Mac OS X, it was possible to enter the name of any local > administrator account credentials and bypass the screen saver, regardless of > who was currently logged into the console. > > In this environment computers are required to be locked so IT maintains a > local master admin account on all computers so that an IT staff member could > do maintenance/troubleshooting at an end user's Mac locked with a screen > saver. The end user is not required to be present to physically unlock the > screen saver. > > I believe this problem exists if you ARD in to the computer as well. > > In 10.6 you would be required to edit the /etc/pam.d/screensaver file in > order for this to work but that does not work in 10.7. Part of the problem in > 10.7 is that with a locked screensaver only the credentials of the current > console user is presented and it doesn't appear that there is anyway to > switch to another admin user. > > Does anyone know if this behavior can be changed? Am I just missing something > really simple?
I was not aware that you could ever do this in /etc/pam.d/screensaver. I thought that the place to do this was always /etc/authorization, specifically in the system.login.screensaver section. If the entry there indicates you should be able to do this, and you can't, then it is a bug and you should report it as such. -- Karl Kuehn lark...@softhome.net
_______________________________________________ MacOSX-talk mailing list MacOSX-talk@omnigroup.com http://www.omnigroup.com/mailman/listinfo/macosx-talk