Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.sys.mac.system > #96782 > unrolled thread

Login Passwords for KeyChain

Back to article view | Back to comp.sys.mac.system

Contents

  Login Passwords for KeyChain gtr <xxx@yyy.zzz> - 2016-11-13 10:56 -0800
    Re: Login Passwords for KeyChain dempson@actrix.gen.nz (David Empson) - 2016-11-14 19:20 +1300
      Re: Login Passwords for KeyChain Jolly Roger <jollyroger@pobox.com> - 2016-11-14 06:46 +0000
        Re: Login Passwords for KeyChain gtr <xxx@yyy.zzz> - 2016-11-14 07:03 -0800
          Re: Login Passwords for KeyChain Jolly Roger <jollyroger@pobox.com> - 2016-11-14 17:34 +0000
            Re: Login Passwords for KeyChain gtr <xxx@yyy.zzz> - 2016-11-14 18:09 -0800
            Re: Login Passwords for KeyChain me@home.spamsucks.ca (Király) - 2016-11-16 04:19 +0000
              Re: Login Passwords for KeyChain Jolly Roger <jollyroger@pobox.com> - 2016-11-16 05:39 +0000
            Re: Login Passwords for KeyChain gtr <xxx@yyy.zzz> - 2017-01-11 09:27 -0800
              Re: Login Passwords for KeyChain Jolly Roger <jollyroger@pobox.com> - 2017-01-11 21:14 +0000
      Re: Login Passwords for KeyChain gtr <xxx@yyy.zzz> - 2016-11-14 07:03 -0800

#96782 — Login Passwords for KeyChain

So this past week I was struck curious by a request for access to a 
keychain we rebootin.  It was the FMFD.

In recent reboots I'm asked for from 2 to 4 passwords, and have been 
for a number of years.  It's no great hassle, since it's generally so 
rare that I reboot anyhow.  Still, it makes me wonder if there isn't a 
simpler way.

Five or six years ago I mentioned I had no password on my keychain and 
was admonished for it and told I was leaving myself open to mayhem, so 
I put a password on it/them, that's when all of this began.

When I reboot, I have to provide a password to a keychain, initially, I 
didn't note which but assume either "local" or "login":

	commcenter
	identityservicesd
	accountsd

Next time it was:

	assistantd - access to Login keychain
	ScopedboomkmarkAgent - Login KC
	Safari - Local KC

Next time its:

	Safari - Local
	Commcenter - Login
	Identityservice - Login

Nex time its

	FMFD - Login

Are these just the sad facts of life or is there a way to cut down on 
this song-and-dance?

[toc] | [next] | [standalone]

#96832

gtr <xxx@yyy.zzz> wrote:

> So this past week I was struck curious by a request for access to a 
> keychain we rebootin.  It was the FMFD.
> 
> In recent reboots I'm asked for from 2 to 4 passwords, and have been 
> for a number of years.  It's no great hassle, since it's generally so
> rare that I reboot anyhow.  Still, it makes me wonder if there isn't a
> simpler way.

There is. Change the password on your "login" keychain so it is the same
as the user account password for your user account.

The system will then use the entry of the login password (either your
manual entry or if you have set up the computer to log in automatically)
to automatically unlock the login keychain, avoiding the need to type in
another password the first time something wants the keychain.

I used to have a different password for my keychain but several OS X
versions ago it started to get unweildy because too many things kept
asking for it. Made them the same password and that annoyance went away.

-- 
David Empson
dempson@actrix.gen.nz

[toc] | [prev] | [next] | [standalone]

#96833

David Empson <dempson@actrix.gen.nz> wrote:
> gtr <xxx@yyy.zzz> wrote:
> 
>> So this past week I was struck curious by a request for access to a 
>> keychain we rebootin.  It was the FMFD.
>> 
>> In recent reboots I'm asked for from 2 to 4 passwords, and have been 
>> for a number of years.  It's no great hassle, since it's generally so
>> rare that I reboot anyhow.  Still, it makes me wonder if there isn't a
>> simpler way.
> 
> There is. Change the password on your "login" keychain so it is the same
> as the user account password for your user account.

That's the default state on a newly installed system: both the user account
and the login key chain are set to the same password. 

> The system will then use the entry of the login password (either your
> manual entry or if you have set up the computer to log in automatically)
> to automatically unlock the login keychain, avoiding the need to type in
> another password the first time something wants the keychain.

That's how it works for most users because  the keychain password and user
account password are the same.

> I used to have a different password for my keychain but several OS X
> versions ago it started to get unweildy because too many things kept
> asking for it. Made them the same password and that annoyance went away.

I suspect gtr originally had his user account password and login keychain
password set to an empty string. Then he later changed the user account
password, but *didn't* set the login keychain password to the same thing.

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

[toc] | [prev] | [next] | [standalone]

#96852

On 2016-11-14 06:46:20 +0000, Jolly Roger said:

> David Empson <dempson@actrix.gen.nz> wrote:
>> gtr <xxx@yyy.zzz> wrote:
>> 
>>> So this past week I was struck curious by a request for access to a
>>> keychain we rebootin.  It was the FMFD.
>>> 
>>> In recent reboots I'm asked for from 2 to 4 passwords, and have been
>>> for a number of years.  It's no great hassle, since it's generally so
>>> rare that I reboot anyhow.  Still, it makes me wonder if there isn't a
>>> simpler way.
>> 
>> There is. Change the password on your "login" keychain so it is the same
>> as the user account password for your user account.
> 
> That's the default state on a newly installed system: both the user account
> and the login key chain are set to the same password.
> 
>> The system will then use the entry of the login password (either your
>> manual entry or if you have set up the computer to log in automatically)
>> to automatically unlock the login keychain, avoiding the need to type in
>> another password the first time something wants the keychain.
> 
> That's how it works for most users because  the keychain password and user
> account password are the same.
> 
>> I used to have a different password for my keychain but several OS X
>> versions ago it started to get unweildy because too many things kept
>> asking for it. Made them the same password and that annoyance went away.
> 
> I suspect gtr originally had his user account password and login keychain
> password set to an empty string. Then he later changed the user account
> password, but *didn't* set the login keychain password to the same thing.

Exactly.

[toc] | [prev] | [next] | [standalone]

#96858

On 2016-11-14, gtr <xxx@yyy.zzz> wrote:
> On 2016-11-14 06:46:20 +0000, Jolly Roger said:
>> David Empson <dempson@actrix.gen.nz> wrote:
>> 
>>> I used to have a different password for my keychain but several OS X
>>> versions ago it started to get unweildy because too many things kept
>>> asking for it. Made them the same password and that annoyance went
>>> away.
>> 
>> I suspect gtr originally had his user account password and login
>> keychain password set to an empty string. Then he later changed the
>> user account password, but *didn't* set the login keychain password
>> to the same thing.
>
> Exactly.

Ok. So in the future, keep this in mind. Typically, when you change your
user account password, the login keychain password is automatically
changed to match. IIRC (it's been a while), under normal circumstances
when you do change your user account password, at least some versions of
macOS will ask you if you want to change the login keychain password as
well. You always want to do that when prompted. If there is no prompt,
I'd assume it happens automatically.

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

[toc] | [prev] | [next] | [standalone]

#96881

On 2016-11-14 17:34:51 +0000, Jolly Roger said:

> On 2016-11-14, gtr <xxx@yyy.zzz> wrote:
>> On 2016-11-14 06:46:20 +0000, Jolly Roger said:
>>> David Empson <dempson@actrix.gen.nz> wrote:
>>> 
>>>> I used to have a different password for my keychain but several OS X
>>>> versions ago it started to get unweildy because too many things kept
>>>> asking for it. Made them the same password and that annoyance went
>>>> away.
>>> 
>>> I suspect gtr originally had his user account password and login
>>> keychain password set to an empty string. Then he later changed the
>>> user account password, but *didn't* set the login keychain password
>>> to the same thing.
>> 
>> Exactly.
> 
> Ok. So in the future, keep this in mind. Typically, when you change your
> user account password, the login keychain password is automatically
> changed to match. IIRC (it's been a while), under normal circumstances
> when you do change your user account password, at least some versions of
> macOS will ask you if you want to change the login keychain password as
> well. You always want to do that when prompted. If there is no prompt,
> I'd assume it happens automatically.
Many thanks--stashed for future access
.

[toc] | [prev] | [next] | [standalone]

#96973

Jolly Roger <jollyroger@pobox.com> wrote:
> Ok. So in the future, keep this in mind. Typically, when you change your
> user account password, the login keychain password is automatically
> changed to match. IIRC (it's been a while), under normal circumstances
> when you do change your user account password, at least some versions of
> macOS will ask you if you want to change the login keychain password as
> well. You always want to do that when prompted. If there is no prompt,
> I'd assume it happens automatically.

All true. Keep in mind, though, that that only works if you are changing 
user A's login password if you are are logged in as user A. If you 
change A's login password while logged in as B, A's keychain password 
doesn't change.

-- 
K.

Lang may your lum reek.

[toc] | [prev] | [next] | [standalone]

#96974

Király <me@home.spamsucks.ca> wrote:
> Jolly Roger <jollyroger@pobox.com> wrote:
>> Ok. So in the future, keep this in mind. Typically, when you change your
>> user account password, the login keychain password is automatically
>> changed to match. IIRC (it's been a while), under normal circumstances
>> when you do change your user account password, at least some versions of
>> macOS will ask you if you want to change the login keychain password as
>> well. You always want to do that when prompted. If there is no prompt,
>> I'd assume it happens automatically.
> 
> All true. Keep in mind, though, that that only works if you are changing 
> user A's login password if you are are logged in as user A. If you 
> change A's login password while logged in as B, A's keychain password 
> doesn't change.

Eww. That's not good. Then again it's not hard to change the login keychain
password later separately - assuming you know to do it.

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

[toc] | [prev] | [next] | [standalone]

#98529

On 2016-11-14 17:34:51 +0000, Jolly Roger said:

> On 2016-11-14, gtr <xxx@yyy.zzz> wrote:
>> On 2016-11-14 06:46:20 +0000, Jolly Roger said:
>>> David Empson <dempson@actrix.gen.nz> wrote:
>>> 
>>>> I used to have a different password for my keychain but several OS X
>>>> versions ago it started to get unweildy because too many things kept
>>>> asking for it. Made them the same password and that annoyance went
>>>> away.
>>> 
>>> I suspect gtr originally had his user account password and login
>>> keychain password set to an empty string. Then he later changed the
>>> user account password, but *didn't* set the login keychain password
>>> to the same thing.
>> 
>> Exactly.
> 
> Ok. So in the future, keep this in mind. Typically, when you change your
> user account password, the login keychain password is automatically
> changed to match. IIRC (it's been a while), under normal circumstances
> when you do change your user account password, at least some versions of
> macOS will ask you if you want to change the login keychain password as
> well. You always want to do that when prompted. If there is no prompt,
> I'd assume it happens automatically.

Having now done this I thought I'd update a few of the details for 
future passers-by.

I attempted to go into KeyChain Access and change the passwords to 
correlate with my login password. The first keychain I tried, told me 
that four characters (replicating my login) did not present sturdy 
enough security.  So I bailed.

Instead I decided to make my login password match the longer password I 
had been using for my keychains. So I did that.  Thus everything 
matched up; when restarting I no longer had to give various processes 
access to my login or "Local Items" keychains.

Then--what the hell--I went back into system preferences and changed my 
login a second time--back to my trusty insecure four-letter password of 
old.  Bingo--the keychains seem to have followed suit as I am still not 
being asked for additional access when I do a reboot.

Thus ends saga #243.

[toc] | [prev] | [next] | [standalone]

#98535

gtr <xxx@yyy.zzz> wrote:
> On 2016-11-14 17:34:51 +0000, Jolly Roger said:
> 
>> On 2016-11-14, gtr <xxx@yyy.zzz> wrote:
>>> On 2016-11-14 06:46:20 +0000, Jolly Roger said:
>>>> David Empson <dempson@actrix.gen.nz> wrote:
>>>> 
>>>>> I used to have a different password for my keychain but several OS X
>>>>> versions ago it started to get unweildy because too many things kept
>>>>> asking for it. Made them the same password and that annoyance went
>>>>> away.
>>>> 
>>>> I suspect gtr originally had his user account password and login
>>>> keychain password set to an empty string. Then he later changed the
>>>> user account password, but *didn't* set the login keychain password
>>>> to the same thing.
>>> 
>>> Exactly.
>> 
>> Ok. So in the future, keep this in mind. Typically, when you change your
>> user account password, the login keychain password is automatically
>> changed to match. IIRC (it's been a while), under normal circumstances
>> when you do change your user account password, at least some versions of
>> macOS will ask you if you want to change the login keychain password as
>> well. You always want to do that when prompted. If there is no prompt,
>> I'd assume it happens automatically.
> 
> Having now done this I thought I'd update a few of the details for 
> future passers-by.
> 
> I attempted to go into KeyChain Access and change the passwords to 
> correlate with my login password. The first keychain I tried, told me 
> that four characters (replicating my login) did not present sturdy 
> enough security.  So I bailed.
> 
> Instead I decided to make my login password match the longer password I 
> had been using for my keychains. So I did that.  Thus everything 
> matched up; when restarting I no longer had to give various processes 
> access to my login or "Local Items" keychains.
> 
> Then--what the hell--I went back into system preferences and changed my 
> login a second time--back to my trusty insecure four-letter password of 
> old.  Bingo--the keychains seem to have followed suit as I am still not 
> being asked for additional access when I do a reboot.
> 
> Thus ends saga #243.

Excellent. 

Thanks for reporting back.

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

[toc] | [prev] | [next] | [standalone]

#96851

On 2016-11-14 06:20:43 +0000, David Empson said:

> gtr <xxx@yyy.zzz> wrote:
> 
>> So this past week I was struck curious by a request for access to a
>> keychain we rebootin.  It was the FMFD.
>> 
>> In recent reboots I'm asked for from 2 to 4 passwords, and have been
>> for a number of years.  It's no great hassle, since it's generally so
>> rare that I reboot anyhow.  Still, it makes me wonder if there isn't a
>> simpler way.
> 
> There is. Change the password on your "login" keychain so it is the same
> as the user account password for your user account.
> 
> The system will then use the entry of the login password (either your
> manual entry or if you have set up the computer to log in automatically)
> to automatically unlock the login keychain, avoiding the need to type in
> another password the first time something wants the keychain.
> 
> I used to have a different password for my keychain but several OS X
> versions ago it started to get unweildy because too many things kept
> asking for it. Made them the same password and that annoyance went away.

I'll give that a try.

[toc] | [prev] | [standalone]

Back to top | Article view | comp.sys.mac.system

csiph-web