Apple set a timeout which will remember the authentication for 300 seconds. This may be handy for a personal computer which is only used by one user. Of course, it is a security risk in a network with full of students having a lot of bad ideas in their heads. You can remove the timeout by editing the file
/etc/authorization with your favourite text editor and changing the timeout integer key to
0. Since it is an XML file, it might be handy to open it in Property List Editor. I use the following command to do so:
% open -a "Property List Editor.app" /etc/authorization
If you remove the timeout key, then the authentication well never timeout.
Be careful - you are editing a file which is mainly responsible for the security of your system!. I recommend backing up the file, before you change it:
% sudo cp -p /etc/authorization /etc/authorization.original
Some users reported that after a login of an admin user, the Finder does not request for authentication if you modify system files within the first five minutes. This is a result of the timeout value of 300 seconds set in
/etc/authorization. After changing the value to
0, this security bug is gone. In general, I use my account without admin rights and was surprised that if you
su to an admin user in a shell, the Finder does not ask for any authentication if you modify System files. The even more problematic security bug is that the Finder still remembers the authentication even if you exited the admin session in the shell properly with
exit, therefore I recommend to set the timeout to
0 on client computers, especially on computers where admins and regular users are working together.