Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Log into a switched-out fast user switching account System
If you open NetInfo Manager (in Applications -> Utilities) and navigate through the columns from / to users to a chosen username, among the properties listed below is passwd. In the early days of OS X, this property contained the password hash, but adoption of shadowed passwords means that now the property only displays ********. Unlike before, it doesn't appear to contain any useful information, but apparently it still does do something.

One observation was that if the passwd value for a user is changed to a single * and the changes saved, the user no longer appears in the login window. The account is not inactivated -- it is fully functional and requires the original password to log in. The result is some reduction of clutter in the login window, without having to go through the hassle of changing uids below 500. The user's name still appears in the "Fast User Switching" (FUS) menu. This modification appears to be stable through reboots.

A second observation was that deleting a user's passwd property altogether allows a user to "Fast User Switch" into that account without supplying a password. It does not matter if that user is logged in or not. This may be useful if a conscientious administrator needs to restart the computer, but wants to save a "switched out" user's open documents. To log in, choose the username from the FUS menu, and without entering a password, hit Return several times in rapid succession. If access is denied, cancel once and try again. Logging in through the "Login window" is not permitted.

Adding back the passwd property in NetInfo Manager (surprisingly?) results in restoration of the original password to the account. Caution: It may be necessary to enter an incorrect password once in the FUS menu before it stops accepting a blank password. One limitation is that this will not allow access to a File Vault protected account if the user is not already logged in.

[robg adds: Although some may feel this is a security hole, I agree with the poster, who also wrote me offline -- it's not, because you have to already be logged in as an Admin to do any of this. And if you're already running as Admin, you can do much worse things than what's shown in this hint. The use of a single asterisk to hide a given user in the login window list seems quite interesting -- the only built-in method of doing this is to use the Accounts pane to disable the list completely. The method above would let you selectively hide just certain users...]
    •    
  • Currently 1.00 / 5
  • 1
  • 2
  • 3
  • 4
  • 5
  (1 vote cast)
 
[8,021 views]  

Log into a switched-out fast user switching account | 6 comments | Create New Account
Click here to return to the 'Log into a switched-out fast user switching account' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Log into a switched-out fast user switching account
Authored by: Hyo on Dec 13, '04 12:27:26PM

I've tested this one out and works exactly as described. The user I selected disappeared from the Login Window. Just a question though... is there any way of removing such user from the Fast User Switching dropdown menu on th Finder bar? If so, how would you access such user? You know, if it were COMPLETELY hidden?

---
ぜたいまけないよ!



[ Reply to This | # ]
via the login window, just disable list of users
Authored by: hamarkus on Dec 13, '04 01:42:31PM

Go to System Preferences, to Accounts, to Login Options and select 'Name and Password'.



[ Reply to This | # ]
There is another method!
Authored by: pheed on Dec 13, '04 04:42:19PM
Actually (and I believe I learned this from OS X Hints), there is another way to remove a user from both the Login Window and the Fast User switching menu.

After creating your new User, open the NetInfo utility and remove the person's Full Name...leaving only the short name. The only evidence that the user exists is the home folder and even that can be made invisible using a utility like XRay. The list of Accounts in System Preferences however, will still reveal the existence of this user.

Look here for full details.

---

E-mail me: moc.cam@deehp

[ Reply to This | # ]

There is another method!
Authored by: Hyo on Dec 15, '04 01:38:02AM

Thanks a lot, that does exactly what I want ^^

---
ぜたいまけないよ!



[ Reply to This | # ]
Re-adding passwd did not work
Authored by: Imaria on Dec 13, '04 02:44:46PM

I tried the removing the passwd trick, and that allowed the blank login, but re-adding the passwd item did not succeed. It was listed as "new_value", and allowed no login whatsoever if I put anything in. I had to clear the account and re-add the files to a new user account to be able to add a password. Was there another step after adding back the passwd value?



[ Reply to This | # ]
Log into a switched-out fast user switching account
Authored by: macario on Feb 22, '05 12:37:03AM

I would be concerned to someone being able to remotelly my machine without having to use any password by the method above, anyway I would like to have a mean to do fast user switching without having to type any password,
even for the admin. Is there a way to do this?
If i follow the method above by using changing the pswrd to * or deleting the entry, am I exposed to someone being able to acces my machine?



[ Reply to This | # ]