Keychain password questions

I've gotten used to most of OS X since my slow, late conversion to it two years ago, but its security arrangements still drive me nuts. I don't need them. I have no security concerns about my Powerbook. No master password is set on it. I'm the only user, except on occasions when I set up a new user for test purposes and then delete it. I know the admin password for my usual account, obviously, though I've set the PB up to log me in automatically on startup.

But somehow I've lost track of the password for my keychain(s), which I thought was the same password. I don't really understand what a keychain is, to be honest, and whenever I'm prompted to enter my password for it, I have to cancel out of the dialog box because nothing I can think of to enter is correct. I live in dread that one of these days I'm going to have to know that darn password. So, these questions:

1. Can I set a new password for a keychain without knowing the old one?

2. If not, can I delete a keychain completely without knowing the password, and what am I likely to lose if I do so?

(I regret to say that I find the online Mac Help's information on keychains almost completely opaque. Maybe it's just my anxiety getting in the way.)

3. When I open Keychain Access and click "Show Keychains", two keychains appear: one with my username, which contains three certificates, three application passwords and an internet password; and another called system, which contains only my Airport network password. I've successfully deleted two or three entries that were outdated and superfluous from my user-account keychain, but I have no idea how much trouble I'd be in if I deleted all the rest. To add to my confusion, I get prompted for my admin password when I want to delete things from the keychain — not my keychain password. Can anybody point me toward a clear, cogent explanation of keychains and how to get them under my control instead of being at their mercy? Many thanks...

TiBook/1Ghz/512M; PTProG3/500MHz/768M, Mac OS X (10.3.9), film & flatbed scanners, projector, graphics tablet, laser & photo printers

Posted on May 23, 2007 12:43 PM

8 replies

May 23, 2007 1:32 PM in response to eww

Here are some references that may help:

http://docs.info.apple.com/article.html?artnum=106973

Reset Keychain Password: Assuming that you are using a recent build of OS X, go to /Applications/Utilities and launch the app called Keychain Access. Go to the Window pulldown menu and select "Keychain First Aid". Enter your password, set the radio button to "Repair", and click "Start".

Tutorial: Keychain issues; resolving

If you can't access your keychain, or forget your password

If you can't get into your keychain file because you've forgotten your password or the keychain file appears to be corrupt, there are a couple of options.

First, if you've forgotten your password, you can use the "Keychain First Aid" utility to make the keychain password the same as the login password.

This can be accomplished via the following process:

1. Open Keychain Access (located in Applications/Utilities)
2. Go to the "Keychain Access" menu and select "Preferences"
3. Click the "First Aid" tab
4. Make sure the "Synchronize login keychain password" box is checked
5. Close the Preferences window
6. Go to the "Keychain Access" menu and select "Keychain First Aid"
7. Enter your username and password
8. Click the "Repair" button

Another option is to completely delete your keychain then recreate it. This routine is useful if your keychain appears to be corrupt or otherwise inaccessible.

This can be accomplished as follows:

1. Launch Keychain Access (located in Applications/Utilities)
2. Click "Show Keychains" in the lower-left corner of the window.
3. Select the problematic keychain from the left-hand pane.
4. Navigate to the "File" menu and select "Delete Keychain '(name of keychain)'"
5. Check all options for deletion and press "OK"
6. Create a new keychain by going to the "File" menu, then "New" and selecting "New Keychain"
7. You can now make this keychain your default if you desire by selecting it, then going to the "File" menu and selecting "Make '(name of keychain)' Default"

Login as root and perform repair

In some cases, problems with keychains can only be resolved when logged in as the root user.

First, enable a root user account, as detailed in Knowledge Base article #106290 (briefly: open NetInfo Manager, located in Applications/Utilities, click the lock and enter the administrator password, then select "Enable Root User" from the Security menu and follow on-screen instructions).

After enabling the root user, and logging in under this account, again open Keychain Access. First attempt repairs using Keychain First Aid, and failing that, delete then recreate the keychain as described above while logged in as root.

Persistently asked for stored passwords

If you are persistently asked for passwords in various applications that you have specified should be remembered in a keychain, your "login" keychain may not be active for one reason or another.

Navigate to ~/Library/Keychains/ (this is the Library folder inside your user home folder). Find the file named "login.keychain" and double-click it.

Failing that, select the "login" keychain within the Keychain Access application and make sure it is the default keychain by going to the "File" menu and selecting "Make 'Login' Default"

Turn off Keychain synchronization in applications having problems

If specific applications are experiencing issues when accessing password-protected material, Keychain may be to blame.

For example, it appears that in some cases, failures in .Mac synchronization transfers are linked to issues with Keychain.

If you are having problems synchronizing data with .Mac servers, you may want to try the following process:

1. Open System Preferences and access the .Mac pane
2. Click the "Sync" tab
3. Uncheck the "Synchronize with .Mac" checkbox
4. Close System Preferences
5. Re-open System Preferences and repeat steps 1 and 2
6. Re-check the "Synchronize with .Mac" checkbox

If the above process does not re-allow synchronization, you may need to leave Keychain synchronization turned off in the "Sync" tab of the .Mac System Preferences pane.

MacFixIt reader Faisal writes:

"I believe the problem may be related to Keychain sync overwriting or mangling the .Mac information in the Keychain. By disabling Keychain sync I seem to be able to sync again without issue."


A keychain is simply a secured database in which you can store userids and passwords securely. OS X integrates most applications to the Keychain so that when a userid and/or password is requested the Keychain fills in the information automatically unless you've elected otherwise. This is especially useful when accessing secure web sites so you don't have to remember every username and password you've assigned.

When you create a new account a new keychain file is created for that account. The account password is the default password used for the keychain so when you log into the account the associated keychain is opened automatically.

May 23, 2007 7:18 PM in response to Kappy

Kappy, thanks for the lengthy and very much on-point reply. My spirits rose immediately when I read:

First, if you've forgotten your password, you can use the "Keychain First Aid" utility to make the keychain password the same as the login password.


Unfortunately, when I run "Repair" in Keychain First Aid, it first prompts me for my login password, then for the keychain password I don't have, and when I fail to produce the second password and cancel out of the password-entry box, it gives me the following report:

"Repair started
Checking keychain configuration for <my longname> (user ID=501)
Home directory is /Users/<my shortname>
Checked login keychain
Checked password for ~/Library/Keychains/<my shortname>
Password for ~/Library/Keychains/<my shortname> is not the same as login password, so keychain can't be unlocked automatically
Login password could not be synchronized with keychain ~/Library/Keychains/<my shortname> (-128)
Unable to read settings for ~/Library/Keychains/<my shortname>
Checked default keychain
Checked keychain search list
Checked contents of ~/Library/Keychains/<my shortname>
Warning: some problems were not fixed
Repair failed"

So I'm still at square one. I should perhaps clarify that I have no .Mac account, so I have no keychain issue related to that.

I have no file called "login.keychain" anywhere on my computer, so the instructions that pertain to straightening out that file are inapplicable. My only keychain files are:

~/Library/Keychains/<myshortname>.keychain
and
hard drive/Library/Keychains/system.keychain

I guess I'll have to delete both keychains and start over. I quail at the thought, because I don't know what some of the items that remain in my keychains are for, where they came from, or where to find them again if I delete them. Nor do I understand why I have two keychains rather than just one, or whether I'll still need two keychains after deleting these. Since posting this afternoon, I've discovered that two of the certificates in one of my keychains had expired, so I deleted them; I also deleted a Skype password that I've never used. That keychain is now down to the following items:

my email account password — straightforward enough
NetServices (application password) — What is this?
Safari Forms Autofill (application password) — What is this?
Verisign Class 3 Code Sig Certificate — How will I replace this if I delete it?

May 23, 2007 8:00 PM in response to eww

Here's another suggestion:

Symptom: After applying an update or some kind of instance where a shutdown occurred, upon rebooting, Mac OS X will demand a password for System.keychain. No password will ever work, not even root.

NOW FOR THE SOLUTION...

WARNING: This assumes that you are competent with the command line AND you have a working copy of OS X somewhere else nearby, preferably on an external disk partition. I'm not going to explain the basics of using the Terminal or how to access both of your systems at the same time. If you are afraid of screwing up, simply reinstall Mac OS X and say a few prayers that it will fix itself (assuming that another Software Update won't mess it up again).

The problem lies with a file deep in the bowels of OS X. It's /var/db/SystemKey. What it does is that it tells Mac OS X how to unlock the system keychain. It only knows the System.keychain specific to the computer, so if you import another System.keychain as a replacement, SystemKey won't know how to unlock it and you'll keep getting the annoying dialogs prompting for System.keychain's password.

So without further ado, this is how to stop the annoying dialogs once and for all:

1. AS THE ROOT USER, you will need to copy over /var/db/SystemKey from a known good system to your problematic system. Make sure that you preserve the permissions (0400). It is advisable that you are NOT booted from your problematic system.

2. If you have a good System.keychain, copy that over to /Library/Keychains on the problem system. If you accidentally deleted System.keychain, you can execute the following (again AS ROOT):

/usr/sbin/systemkeychain -C -f

This creates a new, working, empty System.keychain and effectively overwrites the old keychain.

3. Reboot to your system. You will be presented with different, more familiar (Change, Change All) dialogs. If you had any passwords saved in your list of preferred networks, just put them back in.


I think you can go ahead and delete the .keychain file you found. The info I have pre-dates Tiger so there have likely been some changes.
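As an added illustration (not code from this thread, from Apple, or from MacFixIt), here is a small POSIX shell script that checks what steps 1 and 2 above require before the reboot in step 3: that /var/db/SystemKey is present, non-empty and has mode 0400, and that System.keychain is present and non-empty. The paths default to the ones the post names, but both are parameters so the check can be exercised against scratch files. The expected owner of SystemKey is an assumption (root, since the post says to copy it as root) and is also a parameter.

```shell
#!/bin/sh
# Added example, not part of the original thread: verify the files a manual
# SystemKey/System.keychain copy leaves behind before rebooting.

# Octal permission bits of a file, on GNU stat (Linux) or BSD stat (macOS).
file_mode() {
    if stat -c '%a' "$1" >/dev/null 2>&1; then
        stat -c '%a' "$1"
    else
        stat -f '%Lp' "$1"
    fi
}

# User name owning a file, GNU or BSD stat.
file_owner() {
    if stat -c '%U' "$1" >/dev/null 2>&1; then
        stat -c '%U' "$1"
    else
        stat -f '%Su' "$1"
    fi
}

# Fail (return 1, reason on stderr) unless the file exists and is non-empty.
check_present() {
    if [ ! -s "$1" ]; then
        echo "missing or empty: $1" >&2
        return 1
    fi
    return 0
}

# Fail unless the file is present, has exactly mode $2 and is owned by $3.
check_mode_owner() {
    check_present "$1" || return 1
    mode=$(file_mode "$1")
    if [ "$mode" != "$2" ]; then
        echo "$1 has mode $mode, expected $2" >&2
        return 1
    fi
    owner=$(file_owner "$1")
    if [ "$owner" != "$3" ]; then
        echo "$1 is owned by $owner, expected $3" >&2
        return 1
    fi
    return 0
}

# Run the checks the post implies. Arguments (all optional):
#   $1 path to SystemKey        (default /var/db/SystemKey, from the post)
#   $2 path to System.keychain  (default /Library/Keychains/System.keychain)
#   $3 expected owner of SystemKey (assumed: root)
# Returns 0 only if every check passes.
check_system_keychain_files() {
    systemkey=${1:-/var/db/SystemKey}
    keychain=${2:-/Library/Keychains/System.keychain}
    owner=${3:-root}
    rc=0
    check_mode_owner "$systemkey" 400 "$owner" || rc=1
    check_present "$keychain" || rc=1
    return $rc
}

# Usage on the problem system (as root): run with no arguments and look at
# the exit status. Exercised here against the defaults only when run directly.
if [ "${0##*/}" = "check_systemkey.sh" ]; then
    check_system_keychain_files && echo "SystemKey and System.keychain look sane"
fi
```

The mode check is strict on purpose: the post's 0400 means the key is readable by root alone, and a looser mode after a copy usually means the file was copied without preserving permissions.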

May 23, 2007 9:41 PM in response to Kappy

Hi Kappy:
That's very informative.
Could you iron out a subtlety for me please?
If a single user sets up their OS with an account log in password and uses for e.g. Safari AutoFill to remember a web site log on, then that same account password is remembered by Keychain as the password to access keychain. My question is, if the User then changes their account log-in password, does the Keychain retain the older initial password and hence cause the difficulties that people experience?

eww:
I am running Panther as well, and I have two keychains (auto generated):
HD/Library/Keychains/system.keychain (contents are indecipherable)
~/Library/Keychains/login.keychain (contents allude to mail and my ISP access)
and in Firefox, web names/passwords are kept in another location, not on the keychain.
That you had just .keychain is odd or perhaps it is because you have not used keychain to remember any login.

May 24, 2007 7:45 PM in response to Kappy

Well, I finally deleted both keychains, and I seem to be back in business, with Safari no longer prompting me every five minutes for a keychain password I don't know. I now have a new login.keychain in my user Library/Keychains folder. Maybe the old one called system.keychain was left over from Jaguar, since I used the Upgrade Install to get to Panther.

An interesting sidelight is that Keychain Access wasn't able to delete the keychains at all. I'd use it to delete them, and they'd still be there. I finally just trashed them from the folders they resided in, using the Finder. Keychain Access is completely useless, as far as I can tell.
