Would anyone have any idea on how to script a logout hook to remove the entire login keychain of the user logged in?
#!/bin/bash
# Owner of /dev/console is the user logged in at the GUI; stat is more
# robust than parsing the padded columns of "ls -la".
user=$(/usr/bin/stat -f "%Su" /dev/console)
[ -n "$user" ] || exit 1
# Remove only the login keychain; macOS creates a fresh one at next login.
rm -rf "/Users/$user/Library/Keychains/login.keychain"
exit 0
Ran as a policy triggered by Logout.
You could also try Alan Siu's Offset here, which is an offshoot of Outset.
Thanks @dpertschi but this hasn't rectified my problem.
We have our managed clients bound to Active Directory, and as soon as a user changes their AD password, it flags up issues with the login keychain. I was hoping removing it on logout would rectify this, but it doesn't.
Would there be a way to remove everything in the users keychain folder?
@m.higgins Have you tried ADPassMon?
@m.higgins that would be:
#!/bin/bash
# Owner of /dev/console is the user logged in at the GUI.
user=$(/usr/bin/stat -f "%Su" /dev/console)
[ -n "$user" ] || exit 1
# Remove everything in the Keychains folder (the glob must stay outside the
# quotes so it expands); the folder itself is kept.
rm -rf "/Users/$user/Library/Keychains/"*
exit 0
What @davidacland said. You need to delete more than just login.keychain from the user's Keychains folder. There's a folder as well which is unique to the user.
We're looking to deploy ADPassMon in the near future to (hopefully) streamline the process a bit because we too use AD.
My version, which backs up the old one in case a need for it arises:
#!/bin/bash
#
# Deletes the user keychain folder, archiving it first.
# $3 is the username Jamf passes to policy scripts.
# ditto -ck writes a PKZip archive, so the backup is named .zip.
backup_name="keychain_backup_$(/bin/date +"%Y_%m_%d_%H%M").zip"
target_user="$3"
[ -n "$target_user" ] || exit 1
# Field 9 of "id -P" is the home directory from the passwd-style record.
folder_path="$(/usr/bin/id -P "$target_user" | /usr/bin/cut -d: -f9)/Keychains/"
# Archive the folder into the parent (the user's Library folder).
/usr/bin/ditto -ck "$folder_path" "$folder_path../$backup_name"
/bin/rm -rf "$folder_path"
# Recreate the empty folder as the user so ownership is correct.
/usr/bin/su "$target_user" -c "/bin/mkdir -p '$folder_path'"
Excellent responses, one and all.
Fixed the problem perfectly.
Hello,
Quick question. To make this work, would I need to create a script out of the code above, then place it in the scripts part of the policy that I've created (after uploading it to the JSS of course)?
Thanks!
It's been a big help for my lab Macs... thanks!