Keychain over a network

Mk_9090
New Contributor

Firstly I will state that my Mac knowledge isn't the best.

We are having an issue with our Mac and Keychain at the moment: whenever anyone changes their Keychain password in Keychain Access on a Mac, when they move to a different Mac the Keychain password isn't updated. It won't accept the old keychain password either. We then have to cancel about 10 popups before we can start using the Mac.

We are changing the Keychain password in Keychain Access<Edit<Change Keychain "login"

I am sure that we are doing something wrong.

We have tested this on an iMac 2012 and iMac 2015 all on Sierra 10.12.6

3 REPLIES

dsavageED
Contributor III

Apple's solution to a network-based keychain is iCloud Keychain. Storing the login.keychain on a network server is unlikely to work; the file is encrypted and that encryption is (I believe) tied to the Mac in some way. Generally the keychain password should match the login password; having them mismatched creates the error you have seen, due to services needing access to the login.keychain but it not being opened with the logon.

Are you using network homes?
Why are you changing the keychain password?
Could you change the login password (this updates the keychain) instead?

Apple's doc on keychains in Sierra, here

Mk_9090
New Contributor

When we change our login we use Active Directory, which is linked to the Macs. This doesn't update keychain, so we are trying to update the keychain so it matches the login passwords we are using.

We also use network homes for all of the Macs.

dsavageED
Contributor III

If you change the login password of a network user on the Mac, it should sync to the AD and the keychain. I'll admit this doesn't always happen... A better solution might be NoMAD.