Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

10.3: Use a more secure screen lock alternative System
As has been reported in many places (here, for one), there is a minor security issue with screen locking in Panther. To avoid this and generally provide a more secure screen lock, enable fast user switching in the Accounts system preferences under "Login Options" (even if you only have one user).

From now on, you can use the "Login Window..." menu item in the user switching menu to lock your computer instead of using the screensaver/sleep lockout. This menu item takes you back to the login screen without actually logging out, so all your applications will be the way they were when you "log back in." Your account is listed in the login screen as "currently logged in." As a bonus you also get to see the gratuitously cool rotating cube effect.
    •    
  • Currently 1.71 / 5
  You rated: 2 / 5 (7 votes cast)
 
[16,692 views]  

10.3: Use a more secure screen lock alternative | 26 comments | Create New Account
Click here to return to the '10.3: Use a more secure screen lock alternative' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.3: Use a more secure screen lock alternative
Authored by: kleinmatic on Nov 05, '03 11:16:29AM

I'd like to do this, especially at work, but there doesn't seem to be any kind of screen saver when at the login prompt. I know that screen burn in doesn't really happen any more, but it's a little silly to have this big blue screen on my desk all weekend!

Does anybody have a cool hint that will get the screen saver to work on the login window?



[ Reply to This | # ]
10.3: Use a more secure screen lock alternative
Authored by: rotaiv on Nov 05, '03 12:05:23PM

You could just turn off the display or turn down the brightness all the way so there is no image available.



[ Reply to This | # ]
10.3: Use a more secure screen lock alternative
Authored by: mblosch on Nov 05, '03 12:29:27PM

I wonder if you made a seperate login screen and only gave access to the screen saver module. I am not sure if this will work or not



[ Reply to This | # ]
10.3: Use a more secure screen lock alternative
Authored by: Anonymous on Nov 05, '03 01:21:12PM

Can't you just set the display to power down after N minutes in Energy Saver?



[ Reply to This | # ]
10.3: Use a more secure screen lock alternative
Authored by: kleinmatic on Nov 05, '03 01:35:06PM

(oops, this was posted in the wrong place) Turning off the monitor in energy saver's not as cool -- I find that waking the monitor from sleep always makes the image muddy and subpar for a long time after's it's awake. Still, it's a good idea I haven't tried. I'll let you know!



[ Reply to This | # ]
Monitor probs...
Authored by: Accura on Nov 06, '03 05:50:15PM

This shouldn't happen. this is not a bug, (check your hardware. monitor or graphics card)

jameso

---
"The time has come," the walrus said. "To talk of many things..."



[ Reply to This | # ]
Processing power...
Authored by: Loren on Nov 05, '03 11:30:43AM
Another bonus that was pointed out to me by a friend on the Your Mac Life forums is that the login screen doesn't use the processor, where a screen saver does. So, if you are running some sort of task in the background, you might prefer to not waste processing power on a screen saver.

[ Reply to This | # ]
10.3: Use a more secure screen lock alternative
Authored by: stift on Nov 05, '03 12:21:50PM

or you just put your machine to sleep



[ Reply to This | # ]
10.3: Use a more secure screen lock alternative
Authored by: sjonke on Nov 05, '03 12:27:10PM

The sleep lockout is the same thing as the screensaver lockout and has the same security flaw.

---
--- What?



[ Reply to This | # ]
10.3: Use a more secure screen lock alternative
Authored by: robmorton on Nov 05, '03 01:10:04PM

Nice bonus to this is that the login screen can include the government required security banners. I like this trick a lot. Thanks.



[ Reply to This | # ]
10.3: Use a more secure screen lock alternative
Authored by: SteveAtLinnwood on Nov 05, '03 03:47:03PM
I have read the you can turn on the Government Logos and banners, that they are inculded in 10.3.

Does anyone know how to do this?

[ Reply to This | # ]
10.3: Use a more secure screen lock alternative
Authored by: jtratcliff on Nov 06, '03 03:58:09PM

I'm not aware of any panther specific ways of doing this but I've been using login banners since 10.0...

The trick is to edit the file:

/Library/Preferences/com.apple.loginwindow.plist

add (or modify... I can't recall if it was there originally or not)

<key>LoginwindowText</key>
<string> Your login banner goes here! </string>

If your banner is a long one, it's best not use hard returns when you add it to the plist file. The login window will wrap as appropriate.

Don't forget to do your /etc/motd and /etc/ftpwelcome as well...

You can also add pre-login banners for ssh/telnet/ftp connection using tcpwrappers but I've not done that in OS X... nor using xinetd... so I can't be much help there...



[ Reply to This | # ]
10.3: Use a more secure screen lock alternative
Authored by: phillipc on May 01, '04 09:25:38PM
Here is the thread you ar elooking for: http://www.macosxhints.com/article.php?story=20031104204203331

---
PhillipC

[ Reply to This | # ]

10.3: Use a more secure screen lock alternative
Authored by: kleinmatic on Nov 05, '03 01:28:34PM

Turning off the monitor in energy saver's not as cool -- I find that waking the monitor from sleep always makes the image muddy and subpar for a long time after's it's awake. Still, it's a good idea I haven't tried. I'll let you know!



[ Reply to This | # ]
10.3: Use a more secure screen lock alternative
Authored by: urpaign on Nov 05, '03 01:54:28PM

Does anyone know how to disable the listing of names in the Fast User Switching menu to just get the Login Window item by itself, or some other shortcut to get the FUS login without going to this menu? The menu takes around 15 seconds to display because of the huge number of (work) accounts that have access to this machine. So much for *fast* switching. :-)

(No, the "Display Login Window as: Name and password" checkbox has no effect on this menu.)



[ Reply to This | # ]
10.3: Use a more secure screen lock alternative
Authored by: okai on Nov 05, '03 05:16:16PM

IIRC UIDs below 500 don't show in loginwindow user list. So, my best guess is changing UIDs of all users at your place below 500 might work. Possibly that will poof users listing from Fast User Switching menu, too.

FWIW, Mike Bombich of Carbon Copy Cloner fame released a
loginwindow option tweaking utility called "LoginWindow Manager" that's now at version 1.0.1.

http://www.bombich.com/software/lwm.html

HTH



[ Reply to This | # ]
10.3: Use a more secure screen lock alternative
Authored by: Air Mapster on Nov 06, '03 06:34:05PM

Yep, users with uids under 500 do not show up in the FUS menu. It's kind of a pain for me, though. My uid is 405 to maintain compatibility with other older systems on my network. I'm used to not showing up in the loginwindow -- that's no problem. Just down-arrow, option-enter and I get a standard name/password login box. And loginwindow correctly handles a case where a sub-500 uid is currently logged in - then it shows that user. But the Fast User Switching menu never shows uids under 500, even when they are logged in.

It's annoying because then my Fast User Switching becomes:
1. Click FUS menu, select Login Window...
2. Watch the login window spin around
3. Click on my name, which IS listed here because I'm logged in
4. Type in my password
5. Watch my desktop spin around

If the FUS menu were consistent with loginwindow behavior, then I could skip steps 2 and 3 like everyone else, except for the first time I login.

Even aside from my little rant, I wish Apple would just give us a couple of account flags that can be easily set by an administrator in the Accounts preference pane. Account shows up in loginwindow (true/false) and account shows up in FUS menu when not already logged in (true/false). Then these settings could be managed independently of uid value. I think I'll go suggest that in their feedback, but I don't expect anyone at Apple to actually care. :)



[ Reply to This | # ]
10.3: Use a more secure screen lock alternative
Authored by: urpaign on Nov 07, '03 02:41:04PM

Looks like it is possible to switch without this menu after all. See this hint for details.



[ Reply to This | # ]
10.3: Use a more secure screen lock alternative
Authored by: Durandal on Nov 05, '03 07:23:36PM

I would really like to do this, but I don't want that ridiculous FUS menu taking up huge amounts of space in my menu bar.

---
Damien Sorresso



[ Reply to This | # ]
10.3: Use a more secure screen lock alternative
Authored by: okai on Nov 05, '03 07:35:07PM

Use either NetInfo Manager or Accounts preferences pane to change "Name" from the default long format to something different and shorten it like what is in the "User Name" field (short version). This change will not change Your long format name that's in Address Book. So, it's harmless to change this way.



[ Reply to This | # ]
10.3: Use a more secure screen lock alternative
Authored by: catodysseus on May 01, '04 05:38:01AM

Use FUS++ 0.1.2!

It will display only your short screen name. I've beeen using it since december with no probs.



[ Reply to This | # ]
10.3: Use a more secure screen lock alternative
Authored by: Anonymous on Nov 05, '03 09:42:30PM

No it's not. A lot of applications pick up your long username automatically and it is pain to have to manually type in your surname every time.

Perhaps Apple could have thought through their UI design a bit better - allowing the short name or user picture to be shown instead of the long name, for example. I know several people whose only complaint about Fast User Switching is the ridiculous amount of space it takes up in the menu bar.



[ Reply to This | # ]
10.3: Use a more secure screen lock alternative
Authored by: okai on Nov 05, '03 11:21:32PM

Huh? Did you really try what I'd suggested? My FSU menu only show a shortened name (4 letters) that I changed from the default full name (10 letters). Yes, I changed the default full name in the name field, that appears atop, at the accounts pref pane just as the same as the user name field, which is the second field. So, the first field, "Name" field, which defaults to your full name is being used for FSU menu and you can change that field as you like. So, shorten your name there. That's the end of it.



[ Reply to This | # ]
10.3: Use a more secure screen lock alternative
Authored by: avonterr on Nov 06, '03 12:26:15AM

Switch to "Login Window" -- Press the "Sleep" button. Does all black count as screensaver?



[ Reply to This | # ]
10.3: Use a more secure screen lock alternative
Authored by: kenpen on Nov 07, '03 08:05:26AM

This is great, much better than screen saver. Does anyone know of a way to attach this to a hotkey? Like Command+Option+L or something? I looked at Quickeys and I don't think I want to spend $99 for this single function.



[ Reply to This | # ]
10.3: Use a more secure screen lock alternative
Authored by: kenpen on Nov 07, '03 05:26:04PM

Replying to my own post: I recently found another article that solves this issue. I've posted my solution there.
<a href="http://www.macosxhints.com/article.php?story=20031102031045417">http://www.macosxhints.com/article.php?story=20031102031045417</a>



[ Reply to This | # ]