|
|
Super User!!!
|
|
|
|
Forum Regular
Join Date: Jun 2003
Location: San Francisco
Status:
Offline
|
|
Hi all,
This may be a dumb question, but is there some way to disable my having to authenticate myself when installing applications, installing updates, or changing System Preferences? I have my user set as an Administrator, but am still asked to verify myself whenever attempting to change or install anything. It's a little annoying sometimes...
Is this possible? Thanks in advance for your responses.
- Moo!
|
|
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: Apr 2002
Location: Chicago
Status:
Offline
|
|
No there is no way to disable it, and even if there was it would not be a good idea.
|
|
|
|
|
|
|
|
|
Mac Enthusiast
Join Date: Apr 2002
Status:
Offline
|
|
Yeah, the admin prompts are there for your protection. That way, random people can;t g around your computer changing your vital settings and installing programs, etc.
Who knows maybe you could write an Applescript to type for password in those boxes... but I wouldn't recommend it.
|
MBP 1.83 GHz CD/iPod 30GB
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Aug 2001
Status:
Offline
|
|
He could log in as root, but that's generally considered a Bad Idea�
|
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Jun 1999
Location: Las Vegas, NV, USA
Status:
Offline
|
|
Yes. It's there for your protection. Do you keep your house door locked even when you're home--same idea.
Chris
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Sep 2002
Status:
Offline
|
|
I don't have to authorise for system prefs. Is it just me? If I lock them and close the app, then I have to unlock them when I re-open the app. Otherwise, they're always unlocked.
|
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Sep 2002
Location: New York, NY
Status:
Offline
|
|
Originally posted by :XI::
I don't have to authorise for system prefs. Is it just me? If I lock them and close the app, then I have to unlock them when I re-open the app. Otherwise, they're always unlocked.
That's normal.
|
Vandelay Industries
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Nov 2002
Location: Rockville, MD
Status:
Offline
|
|
Originally posted by chabig:
Yes. It's there for your protection. Do you keep your house door locked even when you're home--same idea.
Chris
a lot of people don't lock their doors even when they aren't home. And a lot of people have computers that aren't in public places and for them security is just an annoyance. And a lot of people would say that telling someone who asks for technical assistance simply that they shouldn't do what they're trying to do (especially if it's just because you would never do it, so there would never be a reason anyone else would want to do it) is arrogant, short-sighted, elitist and/or ignorant.
that said, I don't know of a way to turn off authentication
|
|
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: May 2002
Status:
Offline
|
|
I have never tried this but what if your admin
user had no password? Also I am quite
sure that if you log in as root (Super User)
you aren't asked to confirm anything
bad using root is considered bad for exactly
that reason.
|
|
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: Jul 2002
Location: Calgary, Alberta
Status:
Offline
|
|
even when logged in as root you still get asked for an administrator password every now and then.
Originally posted by theory:
I have never tried this but what if your admin
user had no password? Also I am quite
sure that if you log in as root (Super User)
you aren't asked to confirm anything
bad using root is considered bad for exactly
that reason.
|
"No ma'am i'm not angry at you, I'm angry at the cruel twist of fate that directed your call to my extension..."
|
|
|
|
|
|
|
|
Forum Regular
Join Date: Jun 2003
Location: San Francisco
Status:
Offline
|
|
Thanks for the responses and good ideas, but it does look like I will be stuck with the passwords for some time. Hopefully in a future version of X, Apple will have an option to disable repeated passwords for already-authenticated users.
Cheers!
- Moo
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Oct 2000
Status:
Offline
|
|
Why does everyone think it's such a good idea that you're routinely asked for your password when installing software, YET you can trashany Application completely without having to give your password...
Also, I wonder about the wisdom of a 'global' Applications folder by default...
|
|
|
|
|
|
|
|
|
Senior User
Join Date: Dec 2001
Status:
Offline
|
|
Check out the file /etc/authorization. It's actually a plist, so you can edit it with Property List Editor if you like. It is rather complicated, and you can render your system un-login-to-able if you screw up, so be careful. If you scroll all the way down to the end, you can set the timeout for "general" authorization, which I believe is what you are authenticating against when you log in (automatically or not). Also see the "system.privilege.admin" item for anything that uses the AuthorizationExecuteWithPrivileges() function to run as root. I forget if setting the timeout to 0 makes it infinite or instant, though...
|
"Think Different. Like The Rest Of Us."
iBook G4/1.2GHz | 1.25GB | 60GB | Mac OS X 10.4.2
Athlon XP 2500+/1.83GHz | 1GB PC3200 | 120GB | Windows XP
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Sep 2002
Location: New York, NY
Status:
Offline
|
|
Originally posted by booboo:
Why does everyone think it's such a good idea that you're routinely asked for your password when installing software, YET you can trashany Application completely without having to give your password...
Also, I wonder about the wisdom of a 'global' Applications folder by default...
The reason installers prompt for a password is because they are either installing something into where you don't have access even as an admin (ie /System) or they are poorly designed installers. If it is only installing files into /Applications, then it should not be prompting for authorization unless you aren't an admin.
|
Vandelay Industries
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Aug 2000
Status:
Offline
|
|
You can actually choose to have no password, thought it will still prompt you to hit "return"...so there is no easy way to entirely disable these dialogs.
|
|
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: May 2002
Status:
Offline
|
|
Come to think of it wouldn't be too hard
to stop the admin authentication box from
comeing up if you are an admin user.
It would require modifying some of the
frameworks though and the sudoer file.
|
|
|
|
|
|
|
|
|
Senior User
Join Date: Dec 2001
Status:
Offline
|
|
Contrary to popular belief, it is not easy to have an empty password. If you leave the password field blank in the setup assistant or in the "My Account" change password screen, you will be informed that your password must be at least 4 characters. I would *not* recommend blanking your password directly through Netinfo (it's hashed), but if someone is brave, would you care to tell us if it works?
As for the sudoers file, sudo refers to it, yes, but Security.framework and SecurityServer have nothing to do with that. (sudo is simply setuid root and very carefully programmed)
|
"Think Different. Like The Rest Of Us."
iBook G4/1.2GHz | 1.25GB | 60GB | Mac OS X 10.4.2
Athlon XP 2500+/1.83GHz | 1GB PC3200 | 120GB | Windows XP
|
|
|
|
|
|
|
|
Mac Enthusiast
Join Date: Oct 2001
Location: Edmonton, AB
Status:
Offline
|
|
I always thought the reason for the authorization prompts (besides for accessing /System, etc) was to prevent viruses et al from running rampant.
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Apr 2002
Location: Illinois
Status:
Offline
|
|
Originally posted by macmike42:
Contrary to popular belief, it is not easy to have an empty password. If you leave the password field blank in the setup assistant or in the "My Account" change password screen, you will be informed that your password must be at least 4 characters. I would *not* recommend blanking your password directly through Netinfo (it's hashed), but if someone is brave, would you care to tell us if it works?
As for the sudoers file, sudo refers to it, yes, but Security.framework and SecurityServer have nothing to do with that. (sudo is simply setuid root and very carefully programmed)
I have never had a problem with blank passwords. I set my friends computer up with one and my sister's account had no pass for awhile...
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Jan 2002
Location: Live at the BBQ
Status:
Offline
|
|
Originally posted by Uncle Skeleton:
a lot of people don't lock their doors even when they aren't home. And a lot of people have computers that aren't in public places and for them security is just an annoyance. And a lot of people would say that telling someone who asks for technical assistance simply that they shouldn't do what they're trying to do (especially if it's just because you would never do it, so there would never be a reason anyone else would want to do it) is arrogant, short-sighted, elitist and/or ignorant.
that said, I don't know of a way to turn off authentication
There are plenty of good reasons to have the authentication features OS X has implemented. For one, if you are frequently on the internet or if you are connected to any kind of network, it prevents unauthorized access to your machine and critical system files. It prevents malicous code (viruses, or virii as the educated may say it) from wreaking havoc on your system� just take a look at windows to see how much of a benefit this can be. I'd much rather deal with this minor "annoyance" than have to fend off countless attacks.
Most folks are still used to the OS 9 way of doing things (and it wasn't bad to begin with) where the system was so inherently secure (but not invulnerable) that authentication wasn't necessary. Well, things a little different with OS X. It's more powerful, and at the same time it's more delicate. It's all to easy to cause irreversible damage to the system in OS X (intentionally or not), so I guess folks will just have to learn to live with the authentication notices.
But this has me wondering� does installing OS X without the BSD subsystem change the authentication proceedures?
|
"Bill Gates can't guarantee Windows... how can you guarantee my safety?"
-John Crichton
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Nov 1999
Status:
Offline
|
|
Originally posted by Mooga2:
This may be a dumb question, but is there some way to disable my having to authenticate myself when installing applications, installing updates, or changing System Preferences? I have my user set as an Administrator, but am still asked to verify myself whenever attempting to change or install anything. It's a little annoying sometimes...
Is this possible? Thanks in advance for your responses.
It is possible.
That said, do not do it. It is there for security reasons.
Apple is working to make Kerberos its default security mechanism. I don't think that this is slated for Panther, but will probably be done by the next release. Once that is complete, after you have input your password once, you should not be asked again for eight hours, assuming your apps use the Security Framework correctly (which most OSX apps do). In fact, this may even extend to sudo'ing stuff in the Terminal.
|
You are in Soviet Russia. It is dark. Grue is likely to be eaten by YOU!
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Nov 2000
Location: Tasmania, Australia
Status:
Offline
|
|
Originally posted by macmike42:
Contrary to popular belief, it is not easy to have an empty password. If you leave the password field blank in the setup assistant or in the "My Account" change password screen, you will be informed that your password must be at least 4 characters. I would *not* recommend blanking your password directly through Netinfo (it's hashed), but if someone is brave, would you care to tell us if it works?
As for the sudoers file, sudo refers to it, yes, but Security.framework and SecurityServer have nothing to do with that. (sudo is simply setuid root and very carefully programmed)
I too have no problems using a blank password. I always have a "Guest" account with an empty password. It gives a warning when creating the password, but doesn't prevent it being created. The user has limitted permissions, but any guest in my house can click the "Guest" button in the login panel and log straight in without even being prompted for a password.
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Aug 2001
Location: Australia
Status:
Offline
|
|
Originally posted by booboo:
Why does everyone think it's such a good idea that you're routinely asked for your password when installing software, YET you can trashany Application completely without having to give your password...
Also, I wonder about the wisdom of a 'global' Applications folder by default...
Unless you're an admin, You can't do that.
|
|
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: May 2003
Status:
Offline
|
|
in panther sysprefs there will be an option...
'ask password for every secure item'
(or similar)
wich you can enable/disable
this will minimize it at least a little, i think
|
If it ain't broken... Fix it!�
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Rules
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|