The most important options that affect logging in are set from the System Preferences Accounts pane (Figure 2-12). At the bottom of the list of accounts is a picture of a house labeled Login Options. Click this icon to disable the automatic login feature or to select between the List of users and the Name and password text boxes method of logging in. Under Mac OS X Server, the default setup provides name and password text boxes and always requires a user to log in. Figure 2-12. System Preferences Accounts paneWhat to Do if You Cannot Log InWhen you enter your username or password incorrectly, the system shakes the login window from side to side after you enter both your username and password. The shaking effect is supposed to look like someone shaking his head "no." This behavior tells you that you have entered either the username or the password incorrectly, or that they are not valid. The behavior does not differentiate between an unacceptable login name and an unacceptable password, in an effort to discourage unauthorized people from guessing names and passwords to gain access to the system. The additional security of not disclosing the existence of a specific account is one of the advantages that the name and password text boxes method of logging in has over the list of users method. If you cannot log in check the following:
Refer to "Changing Your Password" on page 36 when you want to change your password. Logging In on the Text ConsoleThe name and password text box method of logging in (Figure 2-2, page 21) offers access to a nongraphical login called the text console that provides an interface similar to a traditional text terminal. To use the text console, enter the string >console in the Name text box and press RETURN. This special login string does not require a password. When you press RETURN OS X displays a blank screen with a traditional, textual UNIX Login: prompt. Enter your username and password in response to the prompts as described in "Textual Login" on page 21. Once you log in in this manner, you are working with the shell and a command line interface (page 23)you have no access to graphical features. You can use the text console as a fail-safe login because it bypasses the graphical environment, including Finder. Frequently you can repair or replace (from backups) corrupt files in this environment when you cannot log in to a graphical environment. The text console is the same environment that OS X provides in single-user mode (page 437). Logging OutTo log out from a graphical interface, select Log Out username (username is replaced by your long username) from the Apple menu. From a character-based interface, press CONTROL-D or give the command exit in response to the shell prompt. Exiting from a shell does not end a graphical session; it just exits from the shell you are working with. For example, exiting from the shell that Terminal provides closes the Terminal window. Changing Your PasswordIf someone else assigned you a password, it is a good idea to give yourself a new one. A good password is seven or eight characters long and contains a combination of numbers, uppercase and lowercase letters, and punctuation characters. Avoid using control characters (such as CONTROL-H) because they may have a special meaning to the system, making it impossible for you to log in. Do not use names, words from English or other languages, or other familiar words that someone can easily guess. For security reasons none of the passwords you enter is ever displayed by any utility. Security: Protect your password Do not allow someone to find out your password: Do not put your password in a file that is not encrypted, allow someone to watch you type your password, give it to someone you do not know (a system administrator never needs to know your password), or write it down. Security: Choose a password that is difficult to guess Do not use phone numbers, names of pets or kids, birthdays, words from a dictionary (not even a foreign language), and so forth. Do not use permutations of these items. Security: Differentiate between important and less important passwords It is important to differentiate between important and less important passwords. For example, Web site passwords for blogs or download access are not very important; it is acceptable to use the same password for these types of sites. However, your login, mail server, and bank account Web site passwords are critical: Never use these passwords for an unimportant Web site. Your password should meet the following criteria to be relatively secure:
When you successfully change your password, you change the way you log in. If you forget your password, Superuser can change it and tell you your new password. Changing Your Password GraphicallyTo change your password in a GUI, open System Preferences, go to the Accounts pane, select your account from the list on the left, and click Change Password. You must enter your new password twice before clicking Change Password or the system will not change it. When you change your password this way, you can set a password hint to remind you of your password. However, setting password hints is a poor security practice; it is better to pick a password you can remember. Changing Your Password TextuallyYou can also change your password by giving the command passwd from the command line; using the passwd utility changes your login password, but does not change your Keychain password. (The Keychain password is used by various graphical applications. You can change the Keychain password using the Keychain Access application.) The first item passwd asks you for is your old password. This password is verified to ensure that an unauthorized user is not trying to alter your password. Next the system requests the new password. After you enter your new password, the system asks you to retype it to ensure you did not make a mistake when you entered it the first time. If the new password is the same both times you enter it, your password is changed. If the passwords differ, it means that you made an error in one of them, and the system displays an error message: Mismatch; try again, EOF to quit. |