Welcome to the MacNN Forums.

mattyd · Apr 12, 2005, 05:13 PM

Does anyone know if, in Tiger, the Fast User Switching menu is still in the menu bar or has it been moved to the Apple menu (where it probably should have been all along)?

Thanks.

Chuckit · Apr 12, 2005, 05:21 PM

http://www.apple.com/macosx/features/fastuserswitching/

On the Menu
When you activate Fast User Switching in the System Preferences, a new menu appears on the right of the menubar. A quick trip to it lets you switch between accounts. After a new user account is authenticated, the new user sees the account in the same state it was last left, with any applications running. That means you can keep everybody's preferences distinct without wasting time.

OptimusG4 · Apr 12, 2005, 05:21 PM

Still in the menubar, with new options on how to display it. For instance, you can continue having the full name listed, or choose from short name, or an icon to save screen space.

mattyd · Apr 12, 2005, 05:22 PM

Thanks!

Socially Awkward Solo · Apr 12, 2005, 05:27 PM

You can see it in the video:
http://www.apple.com/macosx/theater/...switching.html

Eug Wanker · Apr 12, 2005, 05:44 PM

I hope FUS works better in Tiger, because the way it works in Panther is brain dead.

lookmark · Apr 12, 2005, 05:48 PM

How do you want it to work better?

Socially Awkward Solo · Apr 12, 2005, 05:54 PM

Originally posted by Eug Wanker:
I hope FUS works better in Tiger, because the way it works in Panther is brain dead.

Ya what's wrong with it (other than iTunes still plays in the background which could be a good or bad thing).

OptimusG4 · Apr 12, 2005, 06:26 PM

Originally posted by Socially Awkward Solo:
Ya what's wrong with it (other than iTunes still plays in the background which could be a good or bad thing).

Well I think in Panther, iChat goes offline automatically. In Tiger, you have an option to have it go away or offline.

Eug Wanker · Apr 12, 2005, 07:22 PM

If you have password authentication active on wake from sleep, and you're switching from another account after a sleep, then you have to log in twice. That is braindead.

Plus there is this strange bug where the machine will go to sleep for no reason once you log in, although that might be specific to my TiBook. (Same problem even after a Panther reinstall.)

RayK · Apr 12, 2005, 07:32 PM

Originally posted by OptimusG4:
Well I think in Panther, iChat goes offline automatically. In Tiger, you have an option to have it go away or offline.

I want this!

Chuckit · Apr 12, 2005, 07:41 PM

Originally posted by Eug Wanker:
If you have password authentication active on wake from sleep, and you're switching from another account after a sleep, then you have to log in twice. That is braindead.

I don't see how. Two accounts, two logins.

Eug Wanker · Apr 12, 2005, 07:44 PM

Originally posted by Chuckit:
I don't see how. Two accounts, two logins.

You don't understand.

You have to login TWICE to get into ONE account, if you have wake from sleep password authentication turned on. That's just dumb.

ie. Login at FUS, and you'll be greeted by a second login screen. WTF?

- - e r i k - - · Apr 12, 2005, 08:17 PM

Originally posted by OptimusG4:
Still in the menubar, with new options on how to display it. For instance, you can continue having the full name listed, or choose from short name, or an icon to save screen space.

They didn't include the option to show user picture as the icon like WinSwitch. Why not I just don't get. I know the whole Apple b/w icon aesthetic up there, but they switched back from a bw-keyboard menu to the "#!$%# flags again in the course of the betas, so there's still color up there.

beverson · Apr 12, 2005, 08:23 PM

Originally posted by Eug Wanker:
You don't understand.

You have to login TWICE to get into ONE account, if you have wake from sleep password authentication turned on. That's just dumb.

ie. Login at FUS, and you'll be greeted by a second login screen. WTF?

Yeah, he's right. It's been a bug since Panther came out. Lots of support threads about it (and I'm sure many people like me have submitted multiple bug reports to Apple). I hope they finally fixed it.

Disgruntled Head of C-3PO · Apr 12, 2005, 08:45 PM

Originally posted by Eug Wanker:
If you have password authentication active on wake from sleep, and you're switching from another account after a sleep, then you have to log in twice. That is braindead.

Plus there is this strange bug where the machine will go to sleep for no reason once you log in, although that might be specific to my TiBook. (Same problem even after a Panther reinstall.)

That screensaver thing is stupid, but I have never seen that sleep problem on lots of different computers.

Eug Wanker · Apr 12, 2005, 08:47 PM

Originally posted by beverson:
Yeah, he's right. It's been a bug since Panther came out. Lots of support threads about it (and I'm sure many people like me have submitted multiple bug reports to Apple). I hope they finally fixed it.

Yeah, I submitted a bug report too.

Originally posted by Disgruntled Head of C-3PO:
That screensaver thing is stupid, but I have never seen that sleep problem on lots of different computers.

It only happens if you use FUS after a sleep. It doesn't happen any other time. Not consistent though.

olePigeon · Apr 12, 2005, 08:49 PM

I just want Fast User Switching to have a "Log out other user..." option so you don't have to switch between users unless it has an open dialog window.

Or, "Automatically log out user after switching" option.

chabig · Apr 12, 2005, 09:13 PM

Originally posted by olePigeon:
I just want Fast User Switching to have a "Log out other user..." option so you don't have to switch between users unless it has an open dialog window.

I don't understand what you mean by having an "open dialog window."

Or, "Automatically log out user after switching" option.

I don't think this would make sense. The philosophy of a multi-user system is that the user controls their own account. If you want to FUS to your account, that doesn't give you the authority to log the current user out.

Chris

Superchicken · Apr 12, 2005, 10:15 PM

I think there should be an option for FUS to not require a password. Or at least have the option to tell each account whether or not they need a password for FUS, or from which accounts. For example, let's say I create an account on my laptop for my youth group, I should be able to switch to that from my account without requiring a password, but require one for when switching back to mine. Or in a family or something like that. Parents could switch to their kids, but kids couldn't switch to each-other... so on and so forth...

chabig · Apr 12, 2005, 10:53 PM

Originally posted by Superchicken:
I think there should be an option for FUS to not require a password. Or at least have the option to tell each account whether or not they need a password for FUS, or from which accounts. For example, let's say I create an account on my laptop for my youth group, I should be able to switch to that from my account without requiring a password, but require one for when switching back to mine. Or in a family or something like that. Parents could switch to their kids, but kids couldn't switch to each-other... so on and so forth...

This is the way it works today. Just have a blank password for the accounts you don't want password protected.

Chris

Brass · Apr 12, 2005, 11:39 PM

Originally posted by chabig:
This is the way it works today. Just have a blank password for the accounts you don't want password protected.

Chris

That is not going to work. The accounts still need to be password protected in general. What people want, is for SOME users to be able to switch to the account. NOT for ALL users to be able to switch to the account, nor for ALL users to log in to the account.

chabig · Apr 13, 2005, 12:22 AM

Originally posted by Brass:
That is not going to work. The accounts still need to be password protected in general. What people want, is for SOME users to be able to switch to the account. NOT for ALL users to be able to switch to the account, nor for ALL users to log in to the account.

I see. You want your single account password to authorize you for multiple accounts. I never would have thought of that.

Brass · Apr 13, 2005, 12:36 AM

Originally posted by chabig:
I see. You want your single account password to authorize you for multiple accounts. I never would have thought of that.

That's almost it. But the other way around, conceptually. You want to say, "hey, this is my account, and I want to trust users X, Y and Z to use my account if they're already logged into to their own account."

Ie, you want to be able to set up some list of trusted users that can FUS to your own account.

To do it the other way around would be a bit hostile... "Well, I'm the admin of this machine, so I should be able to FUS to any account I like, without authentication". That's a bit nasty.

Socially Awkward Solo · Apr 13, 2005, 10:41 AM

Originally posted by chabig:
I don't think this would make sense. The philosophy of a multi-user system is that the user controls their own account. If you want to FUS to your account, that doesn't give you the authority to log the current user out.

Chris

You already can though. If you choose shutdown or restart it will tell you that there are other users and you can log them out if you are the admin.

- - e r i k - - · Apr 13, 2005, 01:13 PM

Originally posted by chabig:
I see. You want your single account password to authorize you for multiple accounts. I never would have thought of that.

I think what he's after is multiple desktops, not multiple accounts.

asdasd · Apr 13, 2005, 04:53 PM

ie. Login at FUS, and you'll be greeted by a second login screen. WTF?

Really a screensaver bug and not so much a FUS bug. You are not really being enticed to log in twice, there is no comparison between the login code and the unlock screen code. The bug is that the screensaver should not run - ever - when it is is an login session that is logged in, but not onscreen. All sessions are active however which is why iTunes plays ( same type of bug really). These seperate parts of the OS had to play nicely with FUS and it just didn;t happen at once. Surpising it was not fixed in a 10.3.x release, though.

selowitch · Apr 13, 2005, 07:25 PM

Also, Palm HotSync is seriously broken when FUS is enabled under Panther. I hope Tiger fixes that one, too.

LaGow · Apr 13, 2005, 07:31 PM

Originally posted by lookmark:
How do you want it to work better?

Keyboard commands. Or at least a keyboard command that brings up the login pane as a dialog to switch between the login state and/or another account.

osxisfun · Apr 13, 2005, 07:45 PM

Hi.

Forgive me but just to undestand. Either on 10.3 or 10.4 is there NO way to switch from user "john" to user "mary" WITHOUT typing in a password.

I would love at least the option just so i can test out stuff as another user but i am already tired of typing in a password as I switch back and forth...

Chuckit · Apr 13, 2005, 07:55 PM

Why should there be a way to switch from John to Mary without typing a password? That's the whole point of passwords! You have to enter them before you get access to stuff.

analogika · Apr 13, 2005, 08:23 PM

Originally posted by osxisfun:
Hi.

Forgive me but just to undestand. Either on 10.3 or 10.4 is there NO way to switch from user "john" to user "mary" WITHOUT typing in a password.

UNLESS "mary" has no password set.

Brass · Apr 13, 2005, 08:24 PM

Originally posted by osxisfun:
Hi.

Forgive me but just to undestand. Either on 10.3 or 10.4 is there NO way to switch from user "john" to user "mary" WITHOUT typing in a password.

I would love at least the option just so i can test out stuff as another user but i am already tired of typing in a password as I switch back and forth...

The only way you can do this, is if the user(s) you're switching to have no password. Obviously this is not what most people want, as it would apply to logging in and authenticating other actions without a password.

Brass · Apr 13, 2005, 08:34 PM

Originally posted by Chuckit:
Why should there be a way to switch from John to Mary without typing a password? That's the whole point of passwords! You have to enter them before you get access to stuff.

This is the point of the argument. It's the age old security versus usability argument. I usually lean towards the security side of the argument, but not in this case.

In my situation, I would like my wife to be able to switch to my account without having to know my password. Because I lean towards security, I'd like her to have to authenticate as herself to do so.

My preferred implementation would work the same way as sudo does, except that instead of having a universal "sudoers" list, there would be a per-user "fusers" list in your home directory, that you could use to configure which users had the right to switch to your account, AFTER authenticating as themselves first (whether they're already logged in or not).

I'm guessing that those users who lean towards the usability (instead of security) side of the argument, would like a similar list of trusted users, but wouldn't require them to have to authenticate first, but only to be switching from their already logged in account.

It actually makes very good sense from a usability sense, in a family home environment. Of course it does compromise the security, and the argument is whether or not it is worth the compromise, and how it can be implemented in the safest manner.

I think that the situation I've described above is just as safe as the way sudo is implemented, with the exception that you could potentially allow non-admin users into an admin account. However, it would NOT allow them to sudo, once in that account, as they wouldn't know the admin account's password. So in that sense it's actually safer than what we have now. Ie, currently, my wife has to know my password to log into my account. That means that she can get admin privileges on my machine, even though her own account is non-admin. This then allows her to also get root privileges using sudo.

So what I'm proposing is in that sense, even more secure than what we have now.

And yes, no matter how you set up your system, there are always the odd unexpected need for somebody else in your family to be able to access your account. I think it would be nice to be able to give those trusted users that access using FUS without having to know your account password.

selowitch · Apr 13, 2005, 08:41 PM

While you're waiting for Mac OS to implement that, can't you imitate this more-usable user-switching behavior via shell scripts triggered by AppleScript?

osxisfun · Apr 13, 2005, 08:50 PM

thanks Brass and analogika

chuckit, becuase i have set up a user specifically for testing a single app and i will be switching to a gagglion times. i don't care about security or a password when it comes to "mary"

the whole point for mary is "switching" not security.

asdasd · Apr 13, 2005, 09:02 PM

Brass,

When you FUS into an account it is the equivalent of a login. If you write code to allow a user to bypass the normal security measures for a FUS to an account with a password, it is almost as if the user had no password. When a login has a password, the password must be presented at login, encrypted and tested against a stored encrypted password. If that challenge is met, you login. The only reason to bypass this is if the user has no password, if he has you *have* to go through that procedure on FUS as on normal login. It is the same thing.

What you are asking for is a major breach of login security.

Brass · 07:29 PM

Originally Posted by asdasd

Brass,

When you FUS into an account it is the equivalent of a login. If you write code to allow a user to bypass the normal security measures for a FUS to an account with a password, it is almost as if the user had no password. When a login has a password, the password must be presented at login, encrypted and tested against a stored encrypted password. If that challenge is met, you login. The only reason to bypass this is if the user has no password, if he has you *have* to go through that procedure on FUS as on normal login. It is the same thing.

What you are asking for is a major breach of login security.

You are right in suggesting that it is not the best security, but it is at least as good as the existing sudo mechanism.

It would NOT be like having no password at all. It would be very different. If an account has no password, anybody can log in any time (like you mentioned). That is NOT what I'm arguing for here.

What I'm suggesting is more like the way in which sudo works. Only trusted users are allowed access, and they must authenticate with their own password to prove that they are in fact the trusted user.

In this way a user could configure a list of trusted users who they would allow to access their account by authenticating as the trusted user, (instead of as the account user).

For many family/home situations, this is MUCH MORE SECURE than the only current alternative, which is for me to tell my wife my password, which not only gives her full access to my account, but also gives her full ROOT ACCESS (via sudo), should she know or care about that sort of thing.

I'd like a mechanism where my wife could access my account, and NOT know my password.

I believe that what I'm suggesting is a reasonable compromise between security and useability, and that is does NOT compromise security of the system any more than the existing sudo mechanism.

frankiec · 07:51 PM

Originally Posted by Brass

I'd like a mechanism where my wife could access my account, and NOT know my password.

If they made an OS with all the crazy, lunatic, backwards "features" that don't make sense, are so petty, or only one person in the universe has the need for we would've never seen anything past System 1.

This is comedy at its best. Do you have that line trademarked? I want to use it for my sig.