All mobile accounts on Mac OS X v10.5 or later (including external accounts) can use FileVault to encrypt the contents of the local home folder. For more information, see “Enabling FileVault for Mobile Accounts” on page 205.
For information about creating external accounts, see “Creating External Accounts” on page 208.
Logging In to External Accounts
If a user has a local home folder on an external drive and he or she connects it to a computer that allows the external account, logging in to an external account is like logging into a mobile account.
If there isn’t a local home folder on the external drive, or the external account isn’t allowed, the user must take a few additional steps before he or she can log in with the external account. If the user has a local home folder on the computer, the user can’t create a local home folder on an external drive.
If the user doesn’t have a local home folder on an external drive, the location setting in mobile account creation options might give the user the choice of where to store the local home folder:
ÂIf you set the location to “user chooses,” a window appears allowing the user to choose where to store the local home folder. You can limit the choices to store on the computer or on an external drive, or you can choose both. If the user chooses an external drive, a local home folder is created on the external drive.
ÂIf you set the location to “at path” and enter the path to the external drive, the user doesn’t choose a location.
For more information about setting up mobile account creation options, see “Creating External Accounts” on page 208.
After a local home folder is created on the external drive, if the computer is connected to the directory server that holds the mobile account, the user is allowed to log in. If it’s not connected to the directory server, Mac OS X checks to see if the external account is allowed or denied access to the computer.
If an external account isn’t permanently allowed or denied access to a computer, a dialog appears asking if the external account should be allowed or denied access to the computer. To allow access, the user must authenticate as the local computer administrator.
If the external account is allowed access, the user logs in. If the user is denied access, the user is returned to the login window.
The local administrator can permanently allow or deny access to the computer. If a user is permanently denied access, he or she can hold down the Option key while logging in to redisplay the dialog.
Chapter 8 Managing Portable Computers
135