Q: How do I disable Keychain

Or add a feature to the keychain to sync the keychain password with the AD server password?

Agreed that it is annoying to remember two passwords to get to one place. I deal with people in a retirement home whose memory is poor, and their getting prompted all the time is infuriating and gets them tied up in knots.

rcgrohn wrote:

 

Why does Apple not offer a tool to automatically sync the login password with the keychain password when Active Directoy needs to be used? Maybe add a button "Sync with AD" in the user account area?

If you could just issue a command to change the keychain password without actually knowing the old one it wouldn't be a very secure keychain now would it? You could reset the bosses Keychain & get a raise .

Has anyone tried changing an empty login.keychain to be owned by root with no access for the user? It should prevent a user writing to that keychain which should prevent any user saving data to it (which causes the unlock prompts).

It's probably a terrible idea, since the OS will not remember any passwords for that user, so try it on a test account.

Another option is you make a script that runs on user login & resets the keychain password (assuming you can query the new & old password from Active Directory - is this even possible).

The 'security' command will allow you to script resetting the keychain password…

https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/ man1/security.1.html

It will also allow you to set passwords for particular services, apps, URLS etc (like when the AD password for POP/IMAP changes).

It's not a simple answer - but this is Apple, you have to think different if you want the OS to behave how you want.

I would go to the primary Safari menu in the upper left corner, click preferences, passwords, and delete the ones you don't want it to store. The next time you enter your own passwords and keychain access pops up, select never ask to store again. You can also delete the passwords by going to Applications, then Keychain access and delete the web passwords under in the password category.

The problem the OP has I have too.  But I would describe it differently.

I have passwords stored for the active directory domain.  Those passwords are stored in "internet passwords" in the System Preferences pane, associated with Exchange.  The result is that when the password policy requires a user to CHANGE his password, then the user does that (for instance on an office computer, running windows), the result is that the first time the user boot's his mac at home, and starts mail a very bad thing happens.

Mail tries multiple times to log in using the old password and then gives up (the multiple bad attempts actually disable the user account in Active Directory in my case).

Then the user can't log in at home or at work, and has to call support.

What is needed is a way to NOT remember the Exchange password and prompt for it each time it is needed by the mac app.  These apps would include Mail, Calendar, Notes, Reminders and Contacts.

Thanks WildinPunk, it work for me also.

In answer to Baltwo, use Last Pass (for Mac) for all your passwords. Far more compreehensive than keychain. I hope I have disabled it according to ComputerGeek147.

Why? I have no issues with using the built-in keychain mechanism.

Dear Hackintosh,

I'd bet you are a level one by your response to the very reasonable question posed by several Mac users (such as HorseWareIT): "How do I disable Keychain?" 

Any level-minded Mac user could never have replied so daftly. Keep quiet unless you have experienced what they are telling you. They go on this forum for good reason, and one is certainly NOT to get glib and flat-line answers.  The keychain issue is madness for a multitude of reasons. HorseWareIT explained only one possible, maddening scenario.

Hey, PaperStars -- that didn't work at all. What Mac product do you have?

Great thank you very much - perfect solution!!

Best,

AC

THANK YOU!!!  This worked exactly as you said.  I guess i have to research more about keychains....it was quite stressful~   you saved the day

WOW Thank you.  This absolutely fixed the constant annoying Keychain prompts.  But I have a feeling that this has only 4 thanks because people don't know that you can't just open finder to find Keychains. 
Use spotlight to find Terminal.

In Terminal type this command  cd /Users/admin/Library/Keychains/   Note that Capital letters count so /users is not the same as /Users.  Replace admin with your username.

From here delete the files with this command.  *WARNIG MAKE SURE YOU ARE REALLY IN THE CORRECT DIRECTORY*

Type  pwd   It should respond with /Users/admin/Library/Keychains/ 

then delete everything with this command.   rm -f *   <<<  That's  r m    -f  * <<<Added spaces so r and m are legible.

log out and log back in and enjoy No More keychain spams.

I was reading through this forum 'cause keychain drives me mad every time I restart my Mac. Today flavor of madness was my Lync client connected to my corporate O365 account was giving me the obstinately recurring keychain popups.

following your advise, I just trashed the Oc_Container... file in the library\keychains\ folder and Lync reset to the current active O365 password.

Now, I';m going to go trash all the other keychains and start from scratch.

Thanks WildinPunk