From MAC OSX 10.6 Workstation Security Technical Implementation Guide
Part of OSX00200-Admin unlock Screen Saver
Associated with IA controls: ECPA-1, PESL-1
The default setting creates a possible point of attack, because the more users in the admin group the more dependent on those users to protect their user names and passwords. By changing the rule in “system.login.screensaver” to “authenticatesession-owner”, users of the admin group cannot unlock the screen saver.
Open a terminal session and enter the following command. more /etc/authorization Ensure the "system.login.screensaver" key includes the value "authenticate-session-owner". If not, this is a finding.
Open a terminal session and edit the following file. /etc/authorization Change "authenticate-session-owner-or-admin " to "authenticate-session-owner" in the "system.login.screensaver" key. Save the file.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer