Sharing the same keychain across multiple user accounts

IMHO, they should have separate NYT accounts and, if not, then putting the single username/password on their initial visit should suffice. However, keeping separate accounts promotes accountability and security.

I have tried, without success to share a keychain between two accounts. In Keychain Access -> Edit -> Keychain List there is a Shared checkbox next to each keychain. If I click on that, the keychain disappears from the list of Keychains that you see when you open Keychain Access (and if necessary, click on Show Keychains). The keychain does not show up on any other account, either. The keychain is still there in ~/Library/Keychains.

Seems pretty useless, as does Apple's article "Mac OS X 10.4 Help -- Administering keychains for multiple user" at <http://docs.info.apple.com/article.html?path=Mac/10.4/en/mh1775.html>.

Some idiot in the security world recommended that we split our account into administrator and non-administrator, and normally log on only to the non-administrator account. This forces me to try to share files, folder, and keychains, so I can get any work done while logged on from the administrator account. Mostly, I don't think Unix, or Mac OS X, was designed to share things. (This is not a Mac versus PC statement. I only have one account on the PCs I'm forced to use at work -- it may be just as hard or harder on a PC.)

This security advice is stupid! Don't do it. Do everything on one account or you will waste hours and hours trying to bridge the gap between them.

But I would like to know how to share a keychain, since Apple's help files SAY you can. Only it does not work.

Some idiot in the security world recommended that we split our account into administrator and non-administrator, and normally log on only to the non-administrator account. This forces me to try to share files, folder, and keychains, so I can get any work done while logged on from the administrator account.

The whole point of the two accounts is NOT to get work done while logged on from the administrator account. That account is for just system maintenance and software installation. All your work should be done from a non-administrator account. There should be no need to share files or keychains between those accounts. If you need to do some administrative function while in the middle of work, use fast user switching to get to the administrator account. If you need to send a file to another account, drag it to the "Drop Box" folder in that account's "Public" folder. (Use Option-Drag if you want to keep a copy of the file.)

That was the theory. But in practice, it does not work that way. For example, I install a new release of some software, which demands I re-enter my key, which is in my email on the other account. Yesterday, I upgraded to GraphicConverter 6.0, which required an upgrade fee, which required access to my keychain on my normal, non-administrative account, which is why it would be nice to share keychains (or at least the clipboard). When I do install a program, it usually comes with some text files that I want to make available to all users, so I have to go the other way, etc.

I have run into dozens of examples in the 6-7 months I have used two accounts.

What I most want to do is remove those nasty barred circles from the ordinary user's folders when I am running as admin. I can get around it with Unix commands and 'sudo' but it is clumsy. I don't really like changing the owner and/or permissions on files and hoping I put it back right afterwards. That is too error-prone.

Given the lack of real security exploits on the Mac, I think it was a mistake to split into admin and non-admin.

No doubt it is essential on true Unix servers.

No. Why? Each account has its own keychain pegged to that owner's username/password combo. Doing what you want to do violates the built-in security provisions.