Keychain—access to this item is restricted

I had the issue too. After syncing keychains on my new MacBook Pro all the passwords from MobileMe were restricted. They were working OK on my Macbook Air.

Here's how it worked for me:

1 Copy Keychain folder from MacBook Air
2 Put it in Home Library of MacBook Pro (replacing the restricted ones)
3 Change "login" password on MacBook Pro (it has Air's password since folder is from Air)
4 do this procedure (otherwise it asks for login password at each sync):
http://support.apple.com/kb/TS1181
5 Syncing with MobileMe on Pro
6 on Air: sync and "merge all data"

now it's working perfectly on both computers.

I have to say I had to do the Apple procedure on my Pro before because it asked for a lost password from an older computer... after the sync the problems started

Then, launch Keychain Access, unlock the lock, select the login.keychain, and File->Make keychain "login" default.

If that option's grayed out, then that keychain is your default one. In your initial post you state that you *get a popup window stating "access to this item is restricted*, When I double-click on a keychain and check the *Show password* box, in Keychain Access, I get a window that states "Keychain Access wants to use your confidential information stored in +name of keychain+ in your keychain, with Always Allow, Deny, an Allow choices. If you're getting a restricted access notification, then I surmise that your login.keychain's permissions are hosed up. On my machine, Get Info->Permissions shows:

owner me w/R&W
group staff w/R only
everyone w/R only

If that's not what yours shows, change them, and see if the problem goes away.

I've started to have this same issue. My login keychain is default, my permissions are correct, keychain verified as well. I'm getting the "Access to this item is restricted".

I'm also having issues where passwords aren't being saved to the keychain (mail, airport, etc) when i select the "save to keychain" box. I get no error when this happens, it just doesn't save them.

This has started in the last 7-10 days. I've been using this keychain on 4 different computers for about ever sync you could sync keychains via .mac. Of the two currently active computers, my this is happening on my new Late 2008 MBP, but not my PowerMac. I'll have to double check the powermac as i don't use it nearly as much as the MBP.

If it doesn't happen on the PPC machine and you're using the same username/combo, then copy the login.keychain from it to one of the others, move the current login.keychain to a safe place, put in the replacement, restart, and see if the problem's fixed. I'm using the same login.keychain on both machines since Jaguar days on the G4 and it's what I transferred for the new iMac. Never had a problem.

I've tried:

1) copying the login.keychain file from my desktop machine
2) blowing away the login.keychain altogether and re-downloading it.
3) blowing away the login.keychain altogether and starting from scratch.

All of these included running a permission fix from disk utility as well as a keychain repair after reboot. In all three instances I've ended up with the same result and original symptom of getting the "Access to this item is restricted" dialog rather than the username/password prompt when i try to look at passwords in keychain. I'm on a business trip at the moment, but when i get home, i guess my last resort is to do a fresh reinstall of this system.

I've never had any sort of problems with keychain in the past, and like you, it's been getting sync to many different machines i've used over the years.

Has your date and time been reset to 1969? Keychain Access will produce this exact error if the system time is earlier than the date on the keychain. So you may want to compare Get Info... with your system time.

Richard Outerbridge wrote:

This is a spectacularly unhelpful suggestion if you don't know the original passwords, and are trying to work-around what seems increasingly obvious to be a User Interface bug in the Apple Keychain.

Have any facts to back up that claim? As I noted earlier, my login keychain has its roots in Jaguar and has worked on two different machines without ever experiencing what you surmise is an UI bug.

I recently ran into this problem as well, and I think I finally figured out what the problem is. In your home folders and on your iDisk, there is a hidden directory called Library/Keychains/.syncinfo, and inside this directory, there is a file called login.keychain.syncinfo.plist. This file needs to be the same one everywhere. If the files somehow get out of sync, the typical methods of resetting the sync data don't seem to touch these files on your systems and on your iDisk, and as long as they don't match, the access-restricted problem will happen somewhere.

The following procedure is what I just tried, and it seemed to finally get keychain syncing working again for me. I decided to start from scratch and designated one of my computers to be the master system and made sure it had all my current data.

1. First, I unregistered every system from MobileMe, opting to delete all the sync data from my iDisk when prompted. This eliminated the sync data from the iDisk.

2. Next, on each system, I turned off syncing in the MobileMe preference pane and then reset the sync history via iSync's preferences. This cleared the local sync databases.

3. On each system except the master system, I went into Keychain Access's preferences, reset the keychain, and then rebooted. (Logging out and back in is probably enough, but Apple said to reboot in its tech note.)

4. On the master system, I went into Terminal and issued the commands (both are one line each):

*rm ~/Library/Keychains/.syncinfo/login.keychain.syncinfo.plist*

*/System/Library/Frameworks/SecurityFoundation.framework/Versions/A/Resources/kc Sync.app/Contents/MacOS/kcSync -reset*

The first command gets rid of the local copy of the file, and the second one gets rid of the one on the iDisk. When you run the second command, it should tell you that it successfully removed the file. If it doesn't, make sure you're logged into MobileMe in the preference pane. The local and iDisk copy should get automatically recreated after the second command, so they'll be in sync and reflect the name of the master computer.

At this point, the sync data were gone from all my systems except the master system, and the keychain was empty on every system except the master. The data were also gone completely from the iDisk. So now I was ready to start the synchronizing process.

5. I went back to the master system, registered it with MobileMe, and synchronized the keychain (and bookmarks and whatnot). I found that just enabling synchronization didn't cause the system to register itself with MobileMe; I had to explicitly do so via the "Advanced..." button.

6. Then I replaced the file ~/Library/Keychain/.syncinfo/login.keychain.syncinfo.plist on my other systems with a copy from my master system. (You can use Finder's "Go to Folder..." to access the invisible folder ~/Library/Keychain/.syncinfo if you don't know Unix commands.)

7. After I replaced the file on a system, I logged into MobileMe, registered the system, and then synchronized. (If you do everything correctly, it should ask you for the password of your master system when it first tries to sync your keychain. If it asks you for the password of the system you're on or of a different system, you messed up.)

Thank you so much! This problem kept coming up no matter how many times I tried to reset syncing. It would appear to work fine at first, then the next day I'd get the "access to this item is restricted" errors again. I followed all of the steps above and so far it's working perfectly.

i started having a similar problem within the past few day although i'm not syncing machines...i have just the one machine and when i launch keychain and go to show password, it asks me for my admin password which i type in and then i get a message that says "access to this item is restricted"....

i've tried repairing permissions thru disk utility...how can this be rectified?

thanks much!

mike

Michael
Had same problem. This fixed it. Launch Keychain goto;
Keychain Access/Keychain First Aid/Select Repair option/Run.
I then verified and it all checked out.
I restarted Keychain and went to view my password. It was at this point I would get the error message. Now it lets me fill in my password and gives me full access.
I hope this helps.
Struggs

I am experiencing the "Access to this item is restricted" problem too. I have both a Mac Pro and a MacBook Pro, and when the keychains are synced between the machines, I get the error message on the Mac Pro (with the passwords synced from MBP). Isn't there any way to fix this?

Message was edited by: chreri