Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Click here to return to the '10.6: Unlock screens using any admin password' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.6: Unlock screens using any admin password
Authored by: bryan_g on Jan 07, '11 08:44:31AM
I may have done something wrong, but I just implemented this and it looks like non-admin users are now able to unlock each other's accounts as well. I am in a setting where this is definitely undesired behavior (as I imagine it would be in most cases). I played with it a little bit and ended up using this in /etc/pam.d/screensaver:

# screensaver: auth account
auth       optional
auth       required nullok
account    required
account    sufficient
account    required no_warn group=admin,wheel fail_safe
account    sufficient no_warn deny group=admin,wheel ruser fail_safe
As far as I can tell, it lets admins unlock any screen and only allows non-admins to unlock their own.

[ Reply to This | # ]