Disable "Network Password Keychains"

rich_malary
New Contributor

Is there a way to disable the saving of network passwords? Or disable this check box when connecting to a server ?51447e4d1fb742c892d4e6d57ebd7d7e

1 REPLY 1

mm2270
Legendary Contributor III

I don't think so, unless the server and your clients are kerberized and they can connect with network credentials automatically. They wouldn't be prompted for any credentials in that case. There may be some config profile or older MCX option for that I'm not aware of, so don't quote me on saying it's not possible.

Other than that, the only thing I could recommend was something I did a long while ago to prevent certain keychain entries from being created. We created and deployed a LaunchAgent (runs as the logged in user) that used their login.keychain as a WatchPath, meaning the Launchd job would get triggered on changes to their keychain. It would then run a script and use the security command to look for specific saved password entries in their keychain, and remove them if found.
The process I put together was a little more involved than just that, as it also popped up some dialogs to explain the issue to the user and even gave them an option of not being warned about it in the future. But it doesn't really need that. It could run silently.
Honestly though, if you needed to turn this off for a list of different servers, or just any server they try to connect to, it would be complicated to do that all in a LaunchAgent + script as I described. Not impossible, but would be a bit messy I think.