1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Mac Admin Password HELP

Discussion in 'Mac - General discussion' started by justin94, Dec 11, 2009.

  1. justin94

    justin94 Member

    Joined:
    Dec 11, 2009
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    11
    I am currently using a standard user account for the MAC OSX 10.5.4
    The firmware password is in effect so I am not able to boot into single user mod to boot from a reset disc. Is there a way how I can disable the password for the firmware or reset it?
    I basically need to create an admin account. If you have info please reply.
     
  2. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,167
    Likes Received:
    136
    Trophy Points:
    143
    moved to correct forum as not a pc hardware issue.
     
  3. scum101

    scum101 Guest

    is this your computer.. or does somebody else have administrator rights?.. if the second you need to ask them.

    no publicly posted help will be forthcoming as this involves unix root account security
     
    Last edited by a moderator: Dec 12, 2009
  4. Gneiss1

    Gneiss1 Regular member

    Joined:
    Oct 28, 2007
    Messages:
    170
    Likes Received:
    0
    Trophy Points:
    26
    Slum101 is correct, of course.

    There are solutions, however. The easiest way, if you have an Apple 'Genius bar' in the region, is to take it in with proof of ownership. (Take it in before happy hour.) The safe passphrases for the administator's account, the firmware, (and the FileVault on corporate computers) are very sensitive.


    Problems with Installs

    Mac users are beta-testers, we know, and there appear to be several uncommon instances where you can built 10.5, set your administrator password, set your firmware password to require the administrator password to gain access from an optical disc or single-user mode, log out; and then find your administrator password is invalid. :-( You can't use a disc or single-user mode.

    Just one Problem with an iMac
    http://support.apple.com/kb/TS1413?viewlocale=en_US


    Physical Security of the Home Laptop

    The firmware password is only of value (and it is), when you leave your laptop cabled in a café or library, and you use the restroom. A stolen laptop is not protected unless the data is encrypted.

    Against established policy, I always keep a little notebook of my locations, login names, passwords, &c. When banking locally or using an internet bank, I have Safari keep no trace on disk, and I remember those two safe passphrases. So, should someone find my keyboard locked while I'm using a restroom, access by optical disk (using OS9, for example), will reveal, at worst, a cookie from NetFlix. Not much can be done with that while I contact them. Decrypting the keychain would reveal, at most, rotating passphrases to forums.

    They would also get a lot of boring scientific data and essays.


    Physical Security of the Corporate Laptop

    Were mine a corporate laptop, it would have the keychain encrypted (by default), a firmware password (to prevent instant info theft), and my home folder encrypted. The corporate administrator would own the administrator password, firmware password, and I would own the FileVault password.

    Upon removing a stolen hard drive, all that could be extracted would be ... some shared applications, containing no information? My MAC IDs of hardware, which the corporate LAN would no longer permit on it?

    Personally, I match the quality of my password to the danger of its being stolen. When asked personal questions, I always change my birthdate & such (and write them down), to avoid giving personal information to sites that might be cracked (and allow access to many places). On forums, I rotate a half-dozen easily remembered passwordphrases. Should I loose it from my keychain, for some reason, I can try six. I keep a list of random passwords in my notebook, to change all to in case of theft.

    Important passwords, such as e-mail, are randomly generated and also stored in the KeyChain, which is decrypted only after one has gained access to the applications with administrator tricks. By this time, I should have changed all with a secure computer or phone. Very important passwords, such as banks, never leave a trace in real memory or the hard disk.

    GNU/Linux can be built this way, but for booting from disc. However one can natively encrypt secure internet connections with SSL or ssh, even p2p phone calls, and soon there may be a secure filesystem. Were I a corporate laptop user, I think I'd keep my keychain on a tiny LaCie USB flash disk (shaped like a key), on my ... key chain.
     
  5. scum101

    scum101 Guest

    Indeed.. very true.

    There are ways to jumpstart any *nix system, but us sys-admins keep them to ourselves.

    I helped somebody do just that a few months ago.. it was an older machine and I had to go and experiment with a junker I have upstairs.. but a little reading and searching combined with an off the wall attitude cracked it in 3 tries. ALL the public info was wrong, in ways an experienced sys-admin would pick up on.. ;)
     
  6. Gneiss1

    Gneiss1 Regular member

    Joined:
    Oct 28, 2007
    Messages:
    170
    Likes Received:
    0
    Trophy Points:
    26
    Scum101's advice is correct.

    Apple sells hardware. It prefers to replace than repair. It appears unwilling to attempt fixes that are not economical or not certain to succeed.

    In fact, their solution to a tiny software corruption of my step-daughter's hard disk (caused by a flaw in their logic board), a disk which they knew contained the only photos of her daughter's first two years of life, was to discard the whole drive. They replaced it with a used drive containing only fragments of an earlier OS. It took me an afternoon just to make her computer usable.

    Apple writes every file smaller than 20MB contiguously (since 10.3), so it is a snap to retrieve every photo or self-written document (even with no directory). If a repair is rejected by Apple and by good repair shops on the internet, a responsible system administrator may be willing to help. (They're normally allowed to consult on off hours.) Good ones will change your system minimally to effect a repair.

    Unix

    Unix and MacOSX are multi-user operating sytems. The exact Darwin on your 10-year old iBook (almost) has run on mainframes at universities and served thousands of students for decades. So, system administrators (rather than repairmen) have been dealing with access problems for ... over 35 years.

    FileVault

    What I forgot to mention is the most 'dangerous' password: that which encrypts your home folder. It should only be important on corporate computers, for which Apple has added a 'master password' that can decrypt everyone's home folder. There it's not dangerous to lose.

    But the disorganized home user may have used it and lost it. In this case, Apple declares all your data lost. The more careless one was, the easier it is for an experienced system administrator or security consultant to actually retrieve your password and data. Usually.

    Help

    Should Apple repairmen say 'Not possible', ask someone wearing a pen protector at your local college or university computing center if any good administrators consult off hours. Or, perhaps a friend works for a corporation. It's better if you have an advocate who knows you well.

    The Apple lounge lizards are not the end of the line. If they were, MacOSX would run as reliably as GNU/Linux.

    PS. Should a criminal want their services, remember that your kind has forced system administrators to master the tortuous subject of cybercrime. So ... they're trained to recognize criminals, especially confidence types. And, they don't exactly like you.

     

Share This Page