[Mooga2]

Hi all,

This may be a dumb question, but is there some way to disable my having to authenticate myself when installing applications, installing updates, or changing System Preferences? I have my user set as an Administrator, but am still asked to verify myself whenever attempting to change or install anything. It's a little annoying sometimes...

Is this possible? Thanks in advance for your responses.
- Moo!

[MrNo]

No there is no way to disable it, and even if there was it would not be a good idea.

[mark9939]

Yeah, the admin prompts are there for your protection. That way, random people can;t g around your computer changing your vital settings and installing programs, etc.

Who knows maybe you could write an Applescript to type for password in those boxes... but I wouldn't recommend it.

[Catfish_Man]

He could log in as root, but that's generally considered a Bad Idea�

[chabig]

Yes. It's there for your protection. Do you keep your house door locked even when you're home--same idea.

Chris

[:XI:]

I don't have to authorise for system prefs. Is it just me? If I lock them and close the app, then I have to unlock them when I re-open the app. Otherwise, they're always unlocked.

[Art Vandelay]

Originally posted by :XI::
I don't have to authorise for system prefs. Is it just me? If I lock them and close the app, then I have to unlock them when I re-open the app. Otherwise, they're always unlocked.

That's normal.

[Uncle Skeleton]

Originally posted by chabig:
Yes. It's there for your protection. Do you keep your house door locked even when you're home--same idea.

Chris

a lot of people don't lock their doors even when they aren't home. And a lot of people have computers that aren't in public places and for them security is just an annoyance. And a lot of people would say that telling someone who asks for technical assistance simply that they shouldn't do what they're trying to do (especially if it's just because you would never do it, so there would never be a reason anyone else would want to do it) is arrogant, short-sighted, elitist and/or ignorant.

that said, I don't know of a way to turn off authentication

[theory]

I have never tried this but what if your admin
user had no password? Also I am quite
sure that if you log in as root (Super User)
you aren't asked to confirm anything
bad using root is considered bad for exactly
that reason.

[Telusman]

even when logged in as root you still get asked for an administrator password every now and then.

Originally posted by theory:
I have never tried this but what if your admin
user had no password? Also I am quite
sure that if you log in as root (Super User)
you aren't asked to confirm anything
bad using root is considered bad for exactly
that reason.

[Mooga2]

Thanks for the responses and good ideas, but it does look like I will be stuck with the passwords for some time. Hopefully in a future version of X, Apple will have an option to disable repeated passwords for already-authenticated users.

Cheers!
- Moo

[booboo]

Why does everyone think it's such a good idea that you're routinely asked for your password when installing software, YET you can trashany Application completely without having to give your password...

Also, I wonder about the wisdom of a 'global' Applications folder by default...

[macmike42]

Check out the file /etc/authorization. It's actually a plist, so you can edit it with Property List Editor if you like. It is rather complicated, and you can render your system un-login-to-able if you screw up, so be careful. If you scroll all the way down to the end, you can set the timeout for "general" authorization, which I believe is what you are authenticating against when you log in (automatically or not). Also see the "system.privilege.admin" item for anything that uses the AuthorizationExecuteWithPrivileges() function to run as root. I forget if setting the timeout to 0 makes it infinite or instant, though...

[Art Vandelay]

Originally posted by booboo:
Why does everyone think it's such a good idea that you're routinely asked for your password when installing software, YET you can trashany Application completely without having to give your password...

Also, I wonder about the wisdom of a 'global' Applications folder by default...

The reason installers prompt for a password is because they are either installing something into where you don't have access even as an admin (ie /System) or they are poorly designed installers. If it is only installing files into /Applications, then it should not be prompting for authorization unless you aren't an admin.

[mrmister]

You can actually choose to have no password, thought it will still prompt you to hit "return"...so there is no easy way to entirely disable these dialogs.

[theory]

Come to think of it wouldn't be too hard
to stop the admin authentication box from
comeing up if you are an admin user.

It would require modifying some of the
frameworks though and the sudoer file.

[macmike42]

Contrary to popular belief, it is not easy to have an empty password. If you leave the password field blank in the setup assistant or in the "My Account" change password screen, you will be informed that your password must be at least 4 characters. I would *not* recommend blanking your password directly through Netinfo (it's hashed), but if someone is brave, would you care to tell us if it works?

As for the sudoers file, sudo refers to it, yes, but Security.framework and SecurityServer have nothing to do with that. (sudo is simply setuid root and very carefully programmed)

[Fallout]

I always thought the reason for the authorization prompts (besides for accessing /System, etc) was to prevent viruses et al from running rampant.

[King Bob On The Cob]

Originally posted by macmike42:
Contrary to popular belief, it is not easy to have an empty password. If you leave the password field blank in the setup assistant or in the "My Account" change password screen, you will be informed that your password must be at least 4 characters. I would *not* recommend blanking your password directly through Netinfo (it's hashed), but if someone is brave, would you care to tell us if it works?

As for the sudoers file, sudo refers to it, yes, but Security.framework and SecurityServer have nothing to do with that. (sudo is simply setuid root and very carefully programmed)

I have never had a problem with blank passwords. I set my friends computer up with one and my sister's account had no pass for awhile...

[himself]

Originally posted by Uncle Skeleton:
a lot of people don't lock their doors even when they aren't home. And a lot of people have computers that aren't in public places and for them security is just an annoyance. And a lot of people would say that telling someone who asks for technical assistance simply that they shouldn't do what they're trying to do (especially if it's just because you would never do it, so there would never be a reason anyone else would want to do it) is arrogant, short-sighted, elitist and/or ignorant.

that said, I don't know of a way to turn off authentication

There are plenty of good reasons to have the authentication features OS X has implemented. For one, if you are frequently on the internet or if you are connected to any kind of network, it prevents unauthorized access to your machine and critical system files. It prevents malicous code (viruses, or virii as the educated may say it) from wreaking havoc on your system� just take a look at windows to see how much of a benefit this can be. I'd much rather deal with this minor "annoyance" than have to fend off countless attacks.

Most folks are still used to the OS 9 way of doing things (and it wasn't bad to begin with) where the system was so inherently secure (but not invulnerable) that authentication wasn't necessary. Well, things a little different with OS X. It's more powerful, and at the same time it's more delicate. It's all to easy to cause irreversible damage to the system in OS X (intentionally or not), so I guess folks will just have to learn to live with the authentication notices.

But this has me wondering� does installing OS X without the BSD subsystem change the authentication proceedures?

[Millennium]

Originally posted by Mooga2:
This may be a dumb question, but is there some way to disable my having to authenticate myself when installing applications, installing updates, or changing System Preferences? I have my user set as an Administrator, but am still asked to verify myself whenever attempting to change or install anything. It's a little annoying sometimes...

Is this possible? Thanks in advance for your responses.

It is possible.

That said, do not do it. It is there for security reasons.

Apple is working to make Kerberos its default security mechanism. I don't think that this is slated for Panther, but will probably be done by the next release. Once that is complete, after you have input your password once, you should not be asked again for eight hours, assuming your apps use the Security Framework correctly (which most OSX apps do). In fact, this may even extend to sudo'ing stuff in the Terminal.

[Brass]

Originally posted by macmike42:
Contrary to popular belief, it is not easy to have an empty password. If you leave the password field blank in the setup assistant or in the "My Account" change password screen, you will be informed that your password must be at least 4 characters. I would *not* recommend blanking your password directly through Netinfo (it's hashed), but if someone is brave, would you care to tell us if it works?

As for the sudoers file, sudo refers to it, yes, but Security.framework and SecurityServer have nothing to do with that. (sudo is simply setuid root and very carefully programmed)

I too have no problems using a blank password. I always have a "Guest" account with an empty password. It gives a warning when creating the password, but doesn't prevent it being created. The user has limitted permissions, but any guest in my house can click the "Guest" button in the login panel and log straight in without even being prompted for a password.

[IUJHJSDHE]

Originally posted by booboo:
Why does everyone think it's such a good idea that you're routinely asked for your password when installing software, YET you can trashany Application completely without having to give your password...

Also, I wonder about the wisdom of a 'global' Applications folder by default...

Unless you're an admin, You can't do that.

[iFix Rene]

in panther sysprefs there will be an option...

'ask password for every secure item'
(or similar)

wich you can enable/disable

this will minimize it at least a little, i think