Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > Software - Troubleshooting and Discussion > macOS > How do I modify 10.9 Mavericks Screen Saver Authentication

How do I modify 10.9 Mavericks Screen Saver Authentication
Thread Tools
Mac Elite
Join Date: Aug 2003
Status: Offline
Reply With Quote
Dec 11, 2013, 09:08 AM
I need your help to unlock 10.9 Mavericks Screen Saver Authentication. In previous versions of Mac OS X, it was possible to enter the name of any local administrator account credentials and bypass the screen saver, regardless of who was currently logged into the console. Great for IT depot's that maintain a local master admin account. Example: An IT staff member could do maintenance/troubleshooting at an end user's Mac, even if the person had left the Mac workstation locked with a screen saver at lunchtime (i.e.; the end user was not required to physically unlock the screen saver)

Does anyone know if this behavior can be changed/reverted? Is this behavior stored in an XML plist or in /etc/authorization file?

I used to know how to do this with 10.7 Lion and 10.8 Mountain Lion but not this time with 10.9 Mavericks due of different files stored in /etc/

Here what I used to do with 10.7 and 10.8. Read below and please help me how can I work this with Mavericks.

cd /etc/pam.d
sudo cp screensaver screensaver.bak
sudo nano screensaver

Find the line:

account required pam_group.so no_warn group=admin,wheel fail_safe

and change it to:

account sufficient pam_group.so no_warn group=admin,wheel fail_safe

Save /etc/pam.d/screensaver and exit nano.

Then, we make a wholly unintuitive change to /etc/authorization:
cd /etc
sudo cp authorization authorization.bak
sudo nano authorization

Press control-w and search for "unlock the screensaver"

Change the line:

<string>The owner or any administrator can unlock the screensaver.</string>


<string>(Use SecurityAgent.) The owner or any administrator can unlock the screensaver.</string>

Save /etc/authorization and exit nano.


"Unfortunately, no one can be told what Mac OS X is... you must see it for yourself."
Fresh-Faced Recruit
Join Date: Jan 2007
Status: Offline
Reply With Quote
Dec 13, 2013, 05:25 PM
I haven't looked into it but I would not be surprised if they have changed it. If they did, I would suspect its most likely an incidental change, although I would love to find out it was actually on purpose.

You see your request although seemingly justified is bad for overall security, specially in an environment where user accountability might be an issue. For example in the medical records, where the doctor that orders/approves/requests a procedure or change to patient care is accountable for the consequences. This is the reason that Mac OS has no means to show you what the actual password of a user is, but will let you change it. Changing a password gets logged, and when you don't have access to a users original password you will be neither able to unlock their keychain nor set the password back to what it used to be without triggering a log entry.

Now I understand that in small environment this is neither necessary nor secure, since the only person with access or expertise into the logs is the admin, and he can alter or delete these files. But in an environment with auditing procedures and secured log servers this functionality makes things much better.

My suggestion to you and your admins is to have fast user switching enabled by default. This way when a computer is locked in the screen saver you can simply hit the switch user button and access the admin account that will let you maintain/upgrade/install almost anything necessary.

Good luck finding your answer, I hope my suggestion proves a little bit helpful.

Fresh-Faced Recruit
Join Date: Jul 2002
Status: Offline
Reply With Quote
Dec 13, 2013, 09:25 PM
If you press option-return at the password prompt it should then prompt for an admin username and password.
Thread Tools
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Privacy Policy
All times are GMT -4. The time now is 10:08 AM.
All contents of these forums © 1995-2015 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2015, Jelsoft Enterprises Ltd., Content Relevant URLs by vBSEO 3.3.2