Re: [Fed-Talk] Keychain password needed for Safari
Re: [Fed-Talk] Keychain password needed for Safari
- Subject: Re: [Fed-Talk] Keychain password needed for Safari
- From: Richard Murphy <email@hidden>
- Date: Tue, 31 Aug 2010 12:56:46 -0700
On Aug 31, 2010, at 12:16 PM, Krzebiot, Robert J. wrote: I have a Mac that is bound to Active directory. There was a problem where we had to reset the Active Directory password. The old password was saved in the keychain. When the user put in the new password to login, it prompted him with the question to save it in the keychain where he promptly said no, big mistake.
I think you're talking about the password used to encrypt the keychain - the keychain password. That's different from a password that's saved in the keychain.
By default the login password is used to encrypt the login keychain when it's created. This is a "by convention", not enforced. When passwords for accounts are changed we give the chance to change the login keychain password at the earliest possible opportunity; usually when the user first logs in after the password change. If the user elects to not change the keychain password at that time the keychain password remains their old login password (or any other password they may have assigned the login keychain using KeychainAccess).
Now when the user logs in on his system, and opens Safari, it constantly prompts him for the password from the keychain which when he puts in any of the known passwords, it is rejected. His Keychain includes certificates for signing emails and digital signatures, so I cannot just delete this keychain and start new. Is there anyone who knows how to clear the keychain password without wiping his keychain? We have tried to export his certs out of keychain but it prompts for a password, which it rejects all that are known for the system. Anyone have any ideas?
If nothing else has been done the keychain password is probably the old password before the Active Directory password reset. If that's the case you can use the Keychain Access utility to change the login keychain password. That option is under the "Edit" menu. It should ask for the old keychain password (the one before the AD reset) and then for the password you want the keychain password to be (probably the login password after the reset). After that operation is complete you can logout and back in to have the keychain automatically opened.
- murf
|
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden