If you have an AppleScript which is launched by Cron (your login - not
root) and you are logged into the system then this should provide your
command (executed by the AppleScript) with access to the login session
and thus access to the keychain.
I am not 100% sure that this will work. But I think it should.
As Graham pointed out. I believe the issue is that the Cron job will
not have access to the login session and thus not be able to access
the keychain for the password.
If anyone has a more elegant solution, I would be very interested to
know.
I am looking forward to see any better ways of doing this. Having to
use an apple script and also be logged in is a pain.
It would be great if this could all happen somehow without needing to
be logged in. However, then you defeat the purpose of the keychain
because the action of logging into the system will typically unlock
the login keychain (provided the login password and the login keychain
password are the same). If you are not logged in to the system then
the data in the keychain should remain secure.
An other possibility may be to put the key onto a memory stick or
something like this. Then that USB key becomes the key if it is in the
system it could provide the password. The password could be very long.
The problem is that in this case the key could easily be copied.
Keep in touch.
Did you save the password in your keychain? I've seen that if I don't,
hdiutil compact can't compress the DMG without prompting for my
password. I
expect that as your cron job isn't running in your login context, it
can't
access your keychain to get at your password.
