Trying to understand keychain settings

Question

Trying to understand keychain settings

Been having a lot of problems with having to unlock the login keychain all the time (see loads of posts on these forums, google et al).

So - following a lot of the advice out there - I reset my login keychain.

Now - I'm trying to understand the following:

1) In preferences - login keychain is set to not to lock
2) In the keychain settings - the login keychain is set to not lock on sleep or inactivity.

(yes yes - I know this is insecure - when I get it to stop autolocking all the time we'll take another look at this).

So - all three places I have found is set to not lock (and there's nothing in the chain either - completely new chain).

So . why does first aid give me the following:

Verification started
Checking keychain configuration for Chris Searle (user ID=501)
Home directory is /Users/chris
Checked login keychain
Checked password for ~/Library/Keychains/login.keychain
Checked settings for ~/Library/Keychains/login.keychain
Settings for ~/Library/Keychains/login.keychain may cause the keychain to be locked
Current values: lockOnSleep=no, autoLock=never
Checked default keychain
Checked contents of ~/Library/Keychains/login.keychain
Verification completed

Repair gives

Repair started
Checking keychain configuration for Chris Searle (user ID=501)
Home directory is /Users/chris
Checked login keychain
Checked password for ~/Library/Keychains/login.keychain
Checked settings for ~/Library/Keychains/login.keychain
Settings for ~/Library/Keychains/login.keychain may cause the keychain to be locked
Current values: lockOnSleep=no, autoLock=never
Settings corrected on ~/Library/Keychains/login.keychain
Checked default keychain
Checked contents of ~/Library/Keychains/login.keychain
Problems successfully repaired
Repair completed

But the next verify shows the same thing. What setting where is causing the "may cause the keychain to be locked"? 'cos it keeps locking.

Macbook pro 17" Mac OS X (10.4.6)

Posted on Jun 11, 2006 1:14 PM

Reply

Answer 1

baltwo

Level 9

62,362 points

Jun 11, 2006 1:43 PM in response to Chris D Searle

What are your settings in Keychain Access->Preferences->First Aid?

I have the first unchecked and the last three checked. Keychain First Aid verify reports:

Verification started
Checking keychain configuration for "me" (user ID=501)
Home directory is /Users/"me"
Checked login keychain
Checked password for ~/Library/Keychains/login.keychain
Checked settings for ~/Library/Keychains/login.keychain
Checked default keychain
Checked keychain search list
Checked contents of ~/Library/Keychains/login.keychain
Checked contents of ~/Library/Keychains/Microsoft IntermediateCertificates
No problems found
Verification completed

All options in settings for Keychain "login" are unchecked.

Reply

Answer 2

Jun 11, 2006 1:53 PM in response to baltwo

All four checked.

Edit > Change settings for keychain "login" - all three unchecked.

Just re-run first aid:

Verification started
Checking keychain configuration for Chris Searle (user ID=501)
Home directory is /Users/chris
Checked login keychain
Checked password for ~/Library/Keychains/login.keychain
Checked settings for ~/Library/Keychains/login.keychain
Settings for ~/Library/Keychains/login.keychain may cause the keychain to be locked
Current values: lockOnSleep=no, autoLock=99999 mins
Checked default keychain
Checked contents of ~/Library/Keychains/login.keychain
Verification completed

Note the autolock. I did set it to that to see if it was triggering. Now it's back to unchecked and 5 mins - yet first aid still reports this.

Reply

Answer 3

baltwo

Level 9

62,362 points

Jun 11, 2006 1:58 PM in response to Chris D Searle

Don't know what to tell you. The only differences I see is that you have "clear log before scan" checked (I don't) and I'm running 10.4.6 (you're at 10.4.5). Turn off the clear log option and rerun verify.

Reply

Answer 4

Jun 11, 2006 2:01 PM in response to baltwo

Re OS version - forgot to change it - got a mini at .5 and the pro at .6 - it's .6 I'm working on.

Really irritating this one - been adding passwords/keys in the mean time - **** thing just locked again. I simply don't understand it.

Reply

Answer 5

Jun 11, 2006 2:04 PM in response to Chris D Searle

OK - turned off the clear log. Here's a run. It fixed the 99999 business - but not the "may cause the keychain to be locked"

Verification started
Checking keychain configuration for Chris Searle (user ID=501)
Home directory is /Users/chris
Checked login keychain
Checked password for ~/Library/Keychains/login.keychain
Checked settings for ~/Library/Keychains/login.keychain
Settings for ~/Library/Keychains/login.keychain may cause the keychain to be locked
Current values: lockOnSleep=no, autoLock=999999 mins
Checked default keychain
Checked contents of ~/Library/Keychains/login.keychain
Verification completed

Repair started
Checking keychain configuration for Chris Searle (user ID=501)
Home directory is /Users/chris
Checked login keychain
Checked password for ~/Library/Keychains/login.keychain
Checked settings for ~/Library/Keychains/login.keychain
Settings for ~/Library/Keychains/login.keychain may cause the keychain to be locked
Current values: lockOnSleep=no, autoLock=999999 mins
Settings corrected on ~/Library/Keychains/login.keychain
Checked default keychain
Checked contents of ~/Library/Keychains/login.keychain
Problems successfully repaired
Repair completed

Verification started
Checking keychain configuration for Chris Searle (user ID=501)
Home directory is /Users/chris
Checked login keychain
Checked password for ~/Library/Keychains/login.keychain
Checked settings for ~/Library/Keychains/login.keychain
Settings for ~/Library/Keychains/login.keychain may cause the keychain to be locked
Current values: lockOnSleep=no, autoLock=never
Checked default keychain
Checked contents of ~/Library/Keychains/login.keychain
Verification completed

Reply

Answer 6

baltwo

Level 9

62,362 points

Jun 11, 2006 2:23 PM in response to Chris D Searle

Did you log out and back in? Did you restart? Do you have more than one user account? Did you create a new admin user account, log into it, and see if you get the same messages? Try all of those. I can't duplicate the behavior and am out of ideas.

Reply

Answer 7

Jun 12, 2006 12:17 PM in response to baltwo

Now - I'm not sure if I'm imagining it. But - I spotted that the SSHKeychain app (1.7.1) has a menu item for locking the "Apple" keychain. So (and I'll admit this was a flying leap at a "well it can't hurt to try") I quit that app. The login keychain has not locked since that point (although the "may be caused to lock" message still turns up in First Aid).

I have no idea if this is relevant or if it is a complete red herring - but I will be testing further over time.

Reply

Answer 8

baltwo

Level 9

62,362 points

Jun 12, 2006 12:39 PM in response to Chris D Searle

Ah! The proverbial "Oh! BTW, I forgot to tell you that I'm using a 3rd-party application that, supposedly integrates with the Apple Keychain, and that I'm on a network, etc., etc., etc." RME (rolling my eyes), in wonderment.

Remove the application and its associated preferences file, restart, and see if the behavior disappears. Thanks for the feedback. Seems like you found the problem. Good computing.

Reply

Answer 9

Jun 12, 2006 1:13 PM in response to baltwo

If I'd known it integrated in that way I'd have mentioned it earlier. Only just spotted it. Note that even removed the original question still remains - why does first aid claim that some setting or other "may cause it to be locked" 🙂

Reply

Answer 10

baltwo

Level 9

62,362 points

Jun 12, 2006 1:30 PM in response to Chris D Searle

I don't know. Are you sure you removed all of its pieces? You might try moving com.apple.keychainaccess.plist out of ~/Library/Preferences/, log out and back in, and see if the problem persists.

Reply