Keychain Access Settings


Anyone know how to manipulate the login Keychain settings? I've got to check these boxes for Security reasons. I'm thinking a Configuration Profile with a custom setting. Can anyone point me in the right direction?

Please and Thank you.1c1cbae05caa4c978bfcce8afa82df8f


Legendary Contributor III

I'm not certain on how you would do this with a Configuration Profile, but the following command will enable those 2 checkboxes.

security set-keychain-settings -l -t 300 ~/Library/Keychains/login.keychain

I think technically if you leave out the -t 300 it defaults to 5 minutes, since that value (5) is preconfigured in the box, but not 100% sure.

Since this is obviously targeting the logged in user's login.keychain, to deploy this from a Casper Suite policy, you'd need to work on a way of targeting the keychain per user account (while running as root) I won't get into the details on that here since there are probably 50 threads on how to run commands as the user already.


Thanks @mm2270 . Next round is on me.

New Contributor II

Did you get this thing rolled ? cos im now stuck at this, pls help me out