Skip to main content

Mac OS X Keychain Annoyances

No time today to work on my Mac SOE more on Monday. Just a quick snippet (which I actually use in my Mac SOE image).

We use Active Directory, we have our accounts set to expire after a certain period of time. For one reason or another when the Mac end user changes their AD their Keychain password gets out of sync.

This causes any app that had the password saved in keychain to prompt the user to unlock keychain every time they open the app.

I could show them how to manually open the Keychain assistant and reset the password (and I have on many many many occasions) but this is too hard for most of them ;) I give them this little applescript to kill it.

Not the best solution as they lose their keychain passwords, but its the simplest. Here's the applescript.
set FDATE to do shell script ("/bin/date '+%Y-%m-%d-%H%M%S'")

try
 set status to display dialog "Clear Keychain." & return & return & "What you are about to do is potentially destructive, please close all applications before proceeding." buttons {"Continue", "Quit"} default button 1 with icon stop

 set response to button returned of status
 
 if response is equal to "Continue" then
  try
   do shell script ("/bin/mv -f ~/Library/Keychains/login.keychain ~/Library/Keychains/login.keychain." & FDATE)
  end try
  try
   do shell script ("/bin/mv -f ~/Library/Keychains/metadata.keychain ~/Library/Keychains/metadata.keychain." & FDATE)
  end try
  set status to display dialog "Complete" & return & return & "You must reboot now." buttons {"OK"} default button 1 with icon stop 
 end if
 
end try

When the end user next logs they will be prompted to create a new keychain.

Popular posts from this blog

Mac OS X "SOE" Day 7

Page Redirection > continued from day 6... In summary, here is my method for creating a Mac OS X 10.7.3 Standard Operating Environment "SOE" Image. Overview The goal is to create a "MASTER" non-booted SOE that can be used with multiple models and it multiple sites with different local requirements. My intention is to use this "MASTER" image in a manual restore procedure due to the fact netboot facilities cannot be made available to all the sites I support however the DMG files are netboot compatible. Requirements Lion Recovery Disk Assistant v1.0 "TARGET" workstation. A compatible workstation that will be used to install Mac OS X 10.7.3 and capture a DMG image(s). "ADMIN" workstation. A workstation with Disk Utility that you will use to capture your DMG image(s). External storage such as a USB HARD DISK. Setup Downloaded the Lion Recovery Disk Assi...

IIS looks normal, but site won't load.

Someone updated .Net Framework on Win2003 server (required for another app). Unfortunately didn't check existing IIS sites and their requirements so it broke a custom c# web site. Uninstalled without error in the OS, but website still 404ing, reboot and iisreset didn't fix it. "%systemroot%\Microsoft.NET\Framework\ VERSION \aspnet_regiis.exe" –i Then iisreset. All good :) Read about it here http://msdn.microsoft.com/en-us/library/k6h9cz8h(v=vs.80).aspx

Mac OS X "SOE" Day 5

Page Redirection > continued from day 4... Continuing on from the "build" phase setup we need to script our "firstboot" options. The last step in the build phase set our "firstboot" script as  "/var/root/firstboot.sh". So what's the minimum we need in the "firstboot" phase? There isn't really a minimum for this phase as you can do most of this stuff at localisation phase. The main things I do here relate to writing prefs that a machine specific ie, contain UUID or MACADDRESS Setting default screensaver Setting default menu extras Run Apple Software updates that require a booted OS Set the initial HOSTNAME, LOCALHOSTNAME and COMPUTERNAME Set the initial Energy Saver settings Disable some Network Services (firewire, bluetooth) Set the initial Network Services Order Disable IPv6 Couple things you will need to know for this stage, how to get the UUID and/or the MACADDRESS. Post 2010 macs seem to use t...