Solved

FileVault users - Single Sign-On?

  • April 15, 2013
  • 8 replies
  • 27 views

  • Valued Contributor
  • 478 replies

Any of you folks using FileVault know what mechanism controls the ability to make sure the account that unlocks a disk (at power-on auth) is automatically logged on? I'm seeing intermittent behavior in some cases, where it may or may not automatically log the unlocking user into OS X.

Best answer by thoule

FV will use the last known good password. If you authenticate while connected to AD (unlock a system pref, etc), then the Mac will update the FV password to match. Unless you authenticate while connected to the network, the cache isn't updated.

8 replies

  • Contributor
  • 83 replies
  • April 15, 2013

I've seen this problem when the password has expired for the unlocking (power-on auth) account. I would get beyond the unlock screen, but the OS then presented its own login screen and the power-on auth account credentials would not log me in.


  • Contributor
  • 200 replies
  • April 15, 2013

I'm seeing this in an AD environment with cached accounts, where a password change for one reason is recorded in AD (and changed from the computer using System Preferences) but FileVault doesn't recognize that the password has changed, thus the passwords are out of sync. The keychain is updated with the new credentials, the locally cached account has the new credentials, the directory has the new credentials, but FV is still using the old credentials.

I'm still trying to figure out why.


  • New Contributor
  • 2 replies
  • July 3, 2014

Has anyone figured out why FV is still using the old credentials?


  • Contributor
  • 589 replies
  • Answer
  • July 3, 2014

FV will use the last known good password. If you authenticate while connected to AD (unlock a system pref, etc), then the Mac will update the FV password to match. Unless you authenticate while connected to the network, the cache isn't updated.


  • Author
  • Valued Contributor
  • 478 replies
  • July 3, 2014

@thoule This is what we've discovered as well. We're probably complicating things by using a 3rd party directory utility/mobile accounts, but that's not usually a problem for us anymore. Most of the time, if you perform a live/networked login with the updated credentials, it updates FileVault.


  • Contributor
  • 19 replies
  • July 9, 2014

What OS's are you seeing this with?

We were seeing this with some 10.8.x devices, but then once we upgraded those devices to 10.9.2 they were fixed.

APPLE RECOMMENDED WAY TO TRIGGER SYNC - UPDATING NON_SYNCED FV PREBOOT PASSWORDS
touch "/System/Library/PrivateFrameworks/EFILogin.framework/Resources/EFIResourceBuilder.bundle/Contents/Resources"

or

I FOUND THE BELOW WAY TO TRIGGER IT IN SOME CASES AS WELL
In Terminal, have the user log in with the new password:
type "login username" at the prompt, then the password.

We use Native AD Plugin.


  • Author
  • Valued Contributor
  • 478 replies
  • July 9, 2014

> What OS's are you seeing this with?

*Were; date stamps give you an idea of when, in case you're curious. It's much more reliable these days (perhaps due to Apple and/or Centrify updates since then).

Did Apple support give you the tip about that file? Seems reasonable. As for the second tip, that's about the same as thoule's recommendation (triggering an authentication).


KyleEricson
  • Valued Contributor
  • 444 replies
  • September 16, 2015

I have this issue with Mac 10.10.4+. 10.10.3 are working fine. Have tried what you said on here, still no luck.