Setup guide

Open Firmware protection can be violated if the user has physical access to the
machine. If the user changes the physical memory configuration of the machine and
then resets the PRAM 3 times (holding down Command-Option-P-R during boot), the
Open Firmware password will be disabled.
An Open Firmware password will provide some protection although it can be reset
if a user has physical access to the machine and can change the physical memory
configuration of the machine.
The following Apple Knowledge Base articles discuss the Open Firmware password:
1) Title: Setting up Open Firmware Password protection in Mac OS X
10.1 or later; Article ID: 106482; URL:
http://docs.info.apple.com/article.html?artnum=106482
2) Title: Open Firmware: Password Not Recognized when it Contains the
Letter “U”; Article ID: 107666; URL:
http://docs.info.apple.com/article.html?artnum=107666
Even if a single-user mode boot is successfully initiated by changing the Open
Firmware settings, the system can still prevent automatic root login. To require
entry of a root password during a single-user mode boot, the console and ttys must
be marked as insecure in /etc/ttys. In fact, the system will require entry of a
special root password, stored in /etc/master.passwd. If this remains unset as
recommended, then it will be impossible for a user to enter the root password and
complete the single-user boot, even if the Open Firmware password protection was
bypassed. To perform this configuration:
1. To create a backup copy of /etc/ttys, issue the command:
sudo cp /etc/ttys /etc/ttys.old
2. Edit the /etc/ttys file as root, replacing occurrences of the word
“secure” with the word “insecure” in the configuration lines of the file. Any
line that does not begin with a “#” is a configuration line.
3. Exit, saving changes.
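
One way to script step 2 so that only the whole-word "secure" flag on configuration lines changes (an added example, not part of the original guide; the function names are hypothetical and the sample ttys lines are constructed):

```shell
#!/bin/sh
# Added example: scripted form of the /etc/ttys edit described above.
# Function names and the sample data are constructed for illustration.

# Rewrite a ttys file on stdin: on configuration lines (lines that do not
# begin with "#") change the whole word "secure" to "insecure".
# Existing "insecure" flags and all comment lines pass through unchanged.
mark_ttys_insecure() {
    awk '
    /^#/ { print; next }
    {
        line = " " $0 " "            # pad so every word has a delimiter on both sides
        out = ""
        while (match(line, /[ \t]secure[ \t]/)) {
            out = out substr(line, 1, RSTART) "insecure"   # keep leading delimiter
            line = substr(line, RSTART + 7)                # resume at trailing delimiter
        }
        line = out line
        print substr(line, 2, length(line) - 2)            # strip the padding
    }'
}

# Count configuration lines on stdin that still carry the "secure" flag.
count_secure_lines() {
    awk '!/^#/ && (" " $0 " ") ~ /[ \t]secure[ \t]/ { n++ } END { print n + 0 }'
}

SAMPLE_TTYS='# constructed sample: the word secure in a comment is not a flag
console "/usr/libexec/getty std.9600" vt100 on secure
tty.serial "/usr/libexec/getty std.9600" unknown off secure
ttyp0 none network off insecure'

printf '%s\n' "$SAMPLE_TTYS" | mark_ttys_insecure
echo "secure lines remaining: $(printf '%s\n' "$SAMPLE_TTYS" | mark_ttys_insecure | count_secure_lines)"

# Against the real file, after the backup in step 1 (not run here):
#   mark_ttys_insecure < /etc/ttys.old | sudo tee /etc/ttys > /dev/null
```

Running count_secure_lines against the edited file afterwards confirms that no configuration line was missed.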
Only if the ability to boot into single-user mode is operationally required should a
password be provided for the root account in /etc/master.passwd. To provide
this password:
1. Open the master password file /etc/master.passwd.
2. Delete the asterisk following the word “root”.
3. Open a new terminal window and issue the following command, replacing
<xx> with two random characters and <password> with an appropriate
8-character password:
UNCLASSIFIED