Filter
Top Products
Chapter 8 Working with Users and Groups 129
5 If the computer did start up in single-user mode, restart the computer by issuing the
command reboot. Then repeat the previous steps for putting the computer into
command mode. Open Firmware protection can be violated if the user has physical
access to the computer; If the user changes the physical memory configuration of the
computer and then resets the PRAM 3 times (holding down Option-P-R during boot),
the Open Firmware password will be disabled.
To set the Open Firmware password for increased security:
1 Boot the computer while holding Command-Option-O-F (all four keys at the same
time) to enter the Open Firmware command prompt.
2 At the prompt, enter the command:
> password
3 Enter and verify the password to be used as the Open Firmware password.
This password is limited to eight characters. A strong password should be chosen;
in this instance, a computer-generated random password would be a good choice.
This password should be written down, and secured in the same location as the Master
FileVault password. This password will not be needed except for situations where the
computer must be booted from an alternate disk, such as if the startup disk fails or its
file system is in need of repair.
4 To restart the computer and enable the settings, enter the command:
> reset-all
5 The computer should restart and display the login window.
Note: An Open Firmware password provides some protection, although it can be reset
if a user has physical access to the computer and can change the physical memory
configuration of the computer.
Setting Password Policy
Us the pwpolicy tool to adjust the password policies of your users. This tool can be
used to view or set global password policies that force users to change passwords, limit
the number and type of characters in a password, the length of time before passwords
can be reused, and when passwords must be changed.
For secure passwords, you should require every password to have a minimum of 5
characters. You may use a higher number of characters if a more secure password is
desired. It is also a good idea to have users change passwords frequently.