Apple 10.5 Leapard manual Enabling FileVault for Mobile Accounts, OptionEffect

6Choose one of the following home folder options and then click OK.

OptionEffect

Enabling FileVault for Mobile Accounts

If your users have computers with Mac OS X v10.5 or later installed, you can use FileVault to encrypt the local home folders for their mobile accounts.

FileVault encrypts the user’s local home folder using the Advanced Encryption Standard with 128-bit keys (AES-128). The home folder content is safe even if the user’s computer is stolen or if an intruder attempts to use the computer while the user is not logged in.

The user’s login password is used to decrypt and give the user access to his or her FileVault-protected account. If the user forgets the login password and a computer administrator has set a master password, the administrator can use the master password to unlock all local accounts.

You can choose whether to require master passwords when enabling FileVault protection for mobile accounts:

ÂIf you don’t require a master password and there is no master password, local computer administrators can’t unlock the account.

ÂIf you require a master password and there is no master password, the user can’t enable a mobile account.

ÂIf you select “Require confirmation before creating mobile account,” the user can log in with a network account. Network accounts don’t have local home folders (preventing intruders from accessing home folder content).

If you enable FileVault, you can restrict the size of the local home folder. When you set a network home disk quota (in the Home pane of a user account), it limits the amount of space available for the user’s network home folder.

By restricting the size of the local home folder, you prevent the user’s local home folder from using more space than is available in the user’s network home folder. This ensures that the home folders can sync without requiring more space than is available in the network home folder.