Determine which user unlocked screen saver

haeria
New Contributor

Hello,

On some of our Mac workstations, we have service accounts logged in doing various tasks that users kick off by logging into the service account. In order to make it more secure, we're not allowing the users to log in directly as the service account.

The idea is a single user has the actual credentials for the service account and they log in to kick off the various tasks. At some point a different user may need to log in to that existing session to capture the task results, or start new tasks, but we don't want the actual account to be shared, so we've allowed the additional users to unlock the screen saver of the logged-in service account.

In order to allow the users to unlock the screen saver of the logged-in service account user, I commented out the following line in /etc/pam.d/screensaver:

account required pam_group.so no_warn deny group=admin,wheel ruser fail_safe

Then, at the screen saver login prompt, we can use Option+Enter to enter a specific administrator user's credentials to unlock the existing session. However, when the users unlock the screen saver, I want to capture which user unlocked the screen saver.

I'm at a loss as to what log entry shows which user unlocked the screen saver. Any help on finding that log entry is appreciated.

Thanks,
Heath

1 REPLY

thoule
Valued Contributor II

I went through this myself for a similar situation and found the screen saver unlocks are not always logged, at least that I was ever able to find.