1 2 3 Previous Next 35 Replies Latest reply: Apr 24, 2013 3:59 PM by ancientscream Go to original post
  • 15. Re: cannot eject usb stick in os x containing a private keychain containing only user created secure notes
    ancientscream Level 1 Level 1 (20 points)

    I still think were talking at cross purposes as regards this keychain issue, the  keychain that resides on the USB stick is never copied back and forth, it is a keychain separate from "login" keychain "system" keychain, "system roots" keychain etc.

     

    I created this particualr keychain many moons ago by selecting File > New Keychain > giving it a name and saving it to the USB disk in question where it has since resided maybe changing usb stick as I got larger capacity ones since 2005.

     

    I never need to open this keychain file itself as once keychain access program has once opened this keychain it always remembers its location on the USB disk, nothing has ever been placed or created  in this keychain by the computer, I created everything in this specific keychain myself, the only kind of items in it are "secure notes" which are not generally ever used by the OS or any other Applications. I can clearly see when examining "login" keychain and the "system" keychain that they contain all the other items that the system creates, saved wifi passwords, mail server security certificates etc etc etc and these files themselves are located in their usual places library > keychains for system and ~/library/keychains/ for login keychain etc I am not storing my ordinary keychains on the USB stick at all. Only this personal keychain resides there. The behavior of complaining upon removal of my USB stick is a relatively new phenomena, of which it did not complain of before, when the setup was identical, The programs google chrome, screen sharing ?! that are complaining of this USB sticks removal and theyre desire to hold access to this private keychain file contained on it, do not have any rights to do so, there is not a single item in this private personal keychain that relates in any way to theyre functioning but they still want access to it, this is not right … I can discern no logical reason for them to desire access to it currently, at the moment until i am proven otherwise this is some kind of bug.

  • 16. Re: cannot eject usb stick in os x containing a private keychain containing only user created secure notes
    gordguide Level 1 Level 1 (25 points)

    That's your problem then. As you have it configured, it will always have open files on it anytime it's mounted. That open file is what is preventing you from easily Ejecting the USB drive, because it's a file that is used by the System, not the User. Anytime you try to eject it, the OS will determine that it is being used by the System, and in essence treat it like it was part of the OS itself, so it will balk at any User-level changes (like ejecting it).

     

    If you change your workflow with this particular Keychain as I suggested a few posts ago, you will eliminate the reason the System wants to keep it mounted.

  • 17. Re: cannot eject usb stick in os x containing a private keychain containing only user created secure notes
    ancientscream Level 1 Level 1 (20 points)

    true UNIX invention was earlier 1969, CP/M being 1974 but in the 1980's when personal home computing took off outside of academic circles and some companies in the UK, you were more likely to find CP/M on a personal machine than UNIX, hence my use of command lines at that period and thence transitioning to apples desiring never to see command lines again

  • 18. Re: cannot eject usb stick in os x containing a private keychain containing only user created secure notes
    ancientscream Level 1 Level 1 (20 points)

    keychains and keychain access can be used by the user to store they're own information securely, independently of the systems use of it, many guides on the web explain how to do this, and it functioned fine for me for years :

     

    see this tutorial here for example

     

    cheers for all your help and suggestions it really is appreciated, ill keep looking for a solution.

  • 19. Re: cannot eject usb stick in os x containing a private keychain containing only user created secure notes
    gordguide Level 1 Level 1 (25 points)

    " ... keychains and keychain access can be used by the user to store they're own information securely, independently of the systems use of it ..."

     

    Of course they can. But not if you deliberately set it up so the System must use it. Which is what you've done. Essentially you've configured it so that if you plug in that USB stick, you are forcing the System to use that file and keep it open.

     

    You probably will have to delete that keychain from your list in Keychain Access (backup!) before the System will stop locking access. Again, you can't get what you want until you set up your use of that Keychain properly. It is your own actions that are causing the problem; you are forcing the System to use that file on the USB drive; it has no choice due to how you've configured access to that particular Keychain.

  • 20. Re: cannot eject usb stick in os x containing a private keychain containing only user created secure notes
    ancientscream Level 1 Level 1 (20 points)

    i have not set it up so the system must use it

  • 21. Re: cannot eject usb stick in os x containing a private keychain containing only user created secure notes
    gordguide Level 1 Level 1 (25 points)

    In an earlier post you told me you did, by having the path to that keychain go via a USB drive. What do you expect the OS to do except follow your orders?

     

    Set up the path to that keychain to go via your mounted System Drive (which the OS also will not let you eject and for exactly the same reasons).

  • 22. Re: cannot eject usb stick in os x containing a private keychain containing only user created secure notes
    gordguide Level 1 Level 1 (25 points)

    " ... i have not set it up so the system must use it ..."

     

    Yes, you have.

     

    You have set the pathname to the USB disk by "once keychain access program has once opened this keychain it always remembers it's location"

     

    Location = Pathname

     

    So, you have set the pathname in Keychain Access to a USB drive and now wonder why it wants to keep the USB drive mounted?

     

    The System is only doing what you've told it to do.

     

    You need to copy the keychain to your system disk, set the pathname to that keychain (or just reboot and it should show up there) and delete the keychain that still has the USB drive as the pathname.

     

    Which is why renaming one of them is a good idea, so you know which is which when it comes time to delete the one with the pathname to the USB drive from the list in Keychain Access.

     

    If you're not forcing the System to use the keychain on the USB drive, it won't stop you from unmounting it.

     

    Really, I can't help you anymore. The solution to your problem has been given. I can't put a gun to your head and make you use it.

  • 23. Re: cannot eject usb stick in os x containing a private keychain containing only user created secure notes
    ancientscream Level 1 Level 1 (20 points)

    Ok I think it will make more sense if i explain how i use this particular keychain and why it is on this USB stick in the first place, it has to be on the USB stick, as I need it be portable as I take the stick with me when I work at clients, and anytime I need one of the 519 encrypted secure note items containing my clients passwords logins etc system details etc, i plug the USB stick into a machine at their office open up the this secure encrypted keychain on the USB stick add or change or view any of the details i need in the secure notes in relation to the client, and when done I delete the reference to this portable keychain ( but not the file obviously) from their "keychain access" program, I then quit keychain and unplug the usb stick(these other machines don't complain), and i can go to any clients and have access to this one centralised encrypted keychain from this USB stick wherever I need, and because its encrypted If i lose the usb key it is to all intents and purposes illegible and secure from the finders prying eyes. this has always worked just fine, it continues to work on most of my clients machines without complaint ie there machines do not attempt to deny the USB sticks ejection, but on my home machine it has for some time started try to deny all attempts to remove the stick unless every program has been quit first, this never used to be a problem, it is not therefore related to the way I have set up the keychain, as it was never an issue till recently.

     

    I did at one point consider using the 1password app on iphone for this task, but there are too many secure note items too convert by hand and 1password can't import a sausage from the keychain access. hence my continued use of the usb stick keychain combo, what would be the best if apple were to write an app that allowed me top open, create and maintain keychains on an iphone directly (probably doable if i Jailbreaked) but im not interested in jailbreaking, and they way apple are headed, dumming things down, restricting the user and create a walled garden for sales, they probalby consider it too much of a security issue and not a prioity to write a keychain access app for iphone ? anyways thats a side issue.

  • 24. Re: cannot eject usb stick in os x containing a private keychain containing only user created secure notes
    gordguide Level 1 Level 1 (25 points)

    I understand how you use the USB key and the Keychain on it.

     

    What is the difference between using the USB key on your clients' machines and at home?

     

    Answer: you are logged in to your home machine; on clients' machines you are not. And while logged in, you have set the pathname used by the System to the keychain on the USB drive. You probably have the preferences in Keychain Access to automatically mount the USB Keychain.

     

    Q: When you insert the USB key, and try to use the keychain in Keychain Access to view secure notes, does the System ask you for a password or does it just open?

     

    If it doesn't prompt you for a password, you've set it up to automatically mount and use that USB key, and as a result it refuses to unmount it, which is what it's supposed to do.

     

    Have you been to Keychain Access preferences like I suggested?

     

    The answer had **** well better be yes, or I'm giving up on you altogether.

  • 25. Re: cannot eject usb stick in os x containing a private keychain containing only user created secure notes
    ancientscream Level 1 Level 1 (20 points)

    it always prompts me for a password as I have set it up up to use a seperate password from that of the user password.

  • 26. Re: cannot eject usb stick in os x containing a private keychain containing only user created secure notes
    gordguide Level 1 Level 1 (25 points)

    And it's set to lock after how many minutes, and it's set to lock or not when sleeping?

  • 27. Re: cannot eject usb stick in os x containing a private keychain containing only user created secure notes
    ancientscream Level 1 Level 1 (20 points)

    yes I have checked keychain access preferences I can see nothing that would cause

     

     

    Really, I can't help you anymore. The solution to your problem has been given. I can't put a gun to your head and make you use it.

     

    I really appreciate your interest and suggestions,  I was not expectant of a solution from you, it sounds like this is stressing you out, and its a bit late here also, im gonna mull on the way forward to test it out, ill have to create an other os install leopard etc tomorrow and test on that and my mountain lion machine to see whether the issue is identical, as I suspect not. who knows it may turn out to be a gremlin in this particular install, but well see. cheers

  • 28. Re: cannot eject usb stick in os x containing a private keychain containing only user created secure notes
    ancientscream Level 1 Level 1 (20 points)

    And it's set to lock after how many minutes, and it's set to lock or not when sleeping?

    its not set to lock after a timeout or after sleep

  • 29. Re: cannot eject usb stick in os x containing a private keychain containing only user created secure notes
    ancientscream Level 1 Level 1 (20 points)

    locking or unlocking that particular keychain or even deleting it from keychain access and removing all references to it does not prevent the computer insisting some of the programs are using it and demanding they be quit, even though those programs store nothing in this particular personal non system keychain.