Q: Is there a way to reset keychain passwords from server.app?
We have a Lion server and a number of Macs that authenticate with the server through open directory. On occasion users have forgotten passwords, and so I've reset them from server.app. I've tried both getting them to enter their password on the server, and setting their password to "password" with reset at next login set, but both methods result in an issue whenever the user logs in where they're prompted to create a new keychain or use their old one (which is not possible because they have forgotten the password to unlock it). This is frustrating for me and users.
Am I doing something wrong, or is this how it is supposed to work? It'd be a real pity if the latter was true, and would go against the idea that "it just works" on the Mac.
Posted on May 5, 2013 6:48 PM
That's the way it works. Due to the nature of a Keychain, and what is potentially stored in it, once a password is forgotten you need to use a new Keychain and all data within is "lost". If there were a way to reset the Keychain password then you could grab anyone's Keychain, insert it into another account and then use the reset password to get all of the data out of it… at which point there's little point to password protecting it at all.
Posted on May 12, 2013 7:45 AM
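The behaviour described in this thread, as an added example that is not part of the original posts: a simplified model in which the directory server stores only a login verifier an admin can overwrite, while the keychain file's master key is wrapped under a key derived from the password in use when it was created. It is not Apple's keychain format or Open Directory's storage scheme; `DirectoryServer`, `Keychain`, the iteration count and the XOR wrap are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # constructed value for this model


def derive(password: str, salt: bytes, length: int = 32) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, length)


class DirectoryServer:
    """Hypothetical server: holds a login verifier, never the keychain key."""
    def __init__(self):
        self.records = {}

    def set_password(self, user: str, password: str) -> None:
        # An admin reset simply overwrites the verifier.
        salt = secrets.token_bytes(16)
        self.records[user] = (salt, derive(password, salt))

    def authenticate(self, user: str, password: str) -> bool:
        salt, verifier = self.records[user]
        return hmac.compare_digest(verifier, derive(password, salt))


class Keychain:
    """Hypothetical client-side file: master key wrapped under the password."""
    def __init__(self, password: str):
        self.salt = secrets.token_bytes(16)
        master = secrets.token_bytes(32)
        keys = derive(password, self.salt, 64)
        wrap_key, mac_key = keys[:32], keys[32:]
        # Toy wrap (XOR with a one-time derived key) plus an integrity tag.
        self.wrapped = bytes(a ^ b for a, b in zip(master, wrap_key))
        self.tag = hmac.new(mac_key, self.wrapped, "sha256").digest()

    def unlock(self, password: str):
        keys = derive(password, self.salt, 64)
        wrap_key, mac_key = keys[:32], keys[32:]
        tag = hmac.new(mac_key, self.wrapped, "sha256").digest()
        if not hmac.compare_digest(tag, self.tag):
            return None  # wrong password: master key is unrecoverable
        return bytes(a ^ b for a, b in zip(self.wrapped, wrap_key))


def demo():
    server = DirectoryServer()
    server.set_password("alice", "old-secret")   # constructed sample values
    keychain = Keychain("old-secret")
    server.set_password("alice", "password")     # admin reset on the server
    return (server.authenticate("alice", "password"),
            keychain.unlock("password") is None,
            keychain.unlock("old-secret") is not None)
```

`demo()` returns `(True, True, True)`: the reset password logs in, fails to unlock the existing keychain, and only the forgotten password still opens it.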