10.7: Unlock screens using any admin password
Jan 24, '12 07:30:00AM
Contributed by: skinlayers
Under Lion, the screen saver authentication dialog box does not allow you to enter a username. So even if you've made the changes detailed in this Snow Leopard hint there is no way to put in alternate credentials to unlock a user's screen.
First, edit /etc/pam.d/screensaver as per the original Snow Leopard hint:
- Open /Applications/Utilities/Terminal.app
- Type cd /etc/pam.d
- 3. sudo cp screensaver screensaver.bak
- 4. sudo nano screensaver
- 5. Find the line:
account required pam_group.so no_warn group=admin,wheel fail_safe
and change it to:
account sufficient pam_group.so no_warn group=admin,wheel fail_safe
- Press Control+X to save /etc/pam.d/screensaver and exit nano.
Then, still in Terminal, we make a wholly unintuitive change to /etc/authorization:
- cd /etc
- sudo cp authorization authorization.bak
- sudo nano authorization
- Press Control+W and search for unlock the screensaver
- Change the line:
<string>The owner or any administrator can unlock the screensaver.</string>
to:
<string> (Use SecurityAgent.) The owner or any administrator can unlock the screensaver.</string>
- Press Control+X to save /etc/authorization and exit nano.
- Reboot the Mac
[crarko adds: I haven't tested this one, but the original Snow Leopard hint was good. Be sure to make the file backups before doing any editing, and if it were me, I'd want to do this on a test machine (with a full system backup) before deploying it. If you try this and find any errors/omissions please post them in the comments, and I'll correct the hint.
Note: Changed references to /etc/authentication to the correct file /etc/authorization and other cleanup.]
Comments (17)
Mac OS X Hints
http://hints.macworld.com/article.php?story=20120116131248157