Posted on 07-15-2020 10:17 AM
I want to remove a key of the kind 'network password' from the login.keychain using a script. But, I can't find a way to do it.
This is because we have an issue with Ricoh my print within our organisation. Users have local profiles on their MacBooks but their credentials for printing are synced from AD. When they print, the AD credentials are saved to the keychain. When the AD password expires however, printing stops working until the keychain entry is deleted and replaced.
Endless hours of googling haven't helped, because it seems there's no way to identify the kind 'network password' within a script.
This is the key:
I tried the following script to make this work (username & path changed):
Security find-network-password -l "https://<myRICOHurl>" /Users/user_name/Library/Keychains/login.keychain
security delete-network-password -l "https://myRICOHurl" /Users/user_name/Library/Keychains/login.keychain
I tried the same, replacing network with internet & generic, same effect. Also tried this:
security delete-network-password -l "RICOH My print" /Users/user_name/Library/Keychains/login.keychain
Can't get this to work, would appreciate any help or insight into what I'm doing wrong, or what I'm missing. I am a total newb at scripting for Macs so be gentle with me :)
Thanks!
Posted on 07-16-2020 11:31 AM
@PinkNoam The following Bash command should delete known entries:
/usr/bin/security delete-internet-password -l "${1}" /Users/${loggedInUser}/Library/Keychains/login.keychain-db
Posted on 07-17-2020 06:31 AM
Fantastic, thank you for your input... we've identified the specific entry we are looking to delete. Run within Automator, I get the following Bash command to work:
security delete-internet-password -s 192.168.10.242
security delete-internet-password -s 192.168.10.107
Any suggestion on how to make it easy for the user to run? Can I translate this to AppleScript to create an "application"?
Thank you again for your help and input!
Posted on 07-17-2020 12:35 PM
We have a Jamf Pro Policy which leverages Script Parameters and the following script:
#!/bin/bash
####################################################################################################
#
# ABOUT
#
# Removes Keychain entries as specified in JSS script parameters
#
####################################################################################################
#
# HISTORY
#
# Version 1.0, 6-Jun-2018, Dan K. Snelson
# Original version
#
####################################################################################################
### Variables
loggedInUser=$( /usr/bin/stat -f %Su "/dev/console" )
entryName1="$4" # Keychain Entry Name (i.e., "com.microsoft.SkypeForBusiness.HockeySDK")
entryName2="$5" # Keychain Entry Name (i.e., "skype")
entryName3="$6" # Keychain Entry Name (i.e., "Skype for Business")
entryName4="$7" # Keychain Entry Name
entryName5="$8" # Keychain Entry Name
entryName6="$9" # Keychain Entry Name
### Functions
removeKeychainEntry() {
    echo " " # Blank line for readability
    echo "* Keychain entry to remove: ${1}"
    # Report removal only when security actually deleted the entry
    if /usr/bin/security delete-generic-password -l "${1}" "/Users/${loggedInUser}/Library/Keychains/login.keychain-db"; then
        echo "* Removed ${1}."
    else
        echo "* Could not remove ${1}."
    fi
}
### Command
echo " "
echo "### Removing Keychain Entries ###"
echo " "
# Keychain Entry Name 1 to remove
if [ ! -z "${entryName1}" ]; then
    removeKeychainEntry "${entryName1}"
fi
# Keychain Entry Name 2 to remove
if [ ! -z "${entryName2}" ]; then
    removeKeychainEntry "${entryName2}"
fi
# Keychain Entry Name 3 to remove
if [ ! -z "${entryName3}" ]; then
    removeKeychainEntry "${entryName3}"
fi
# Keychain Entry Name 4 to remove
if [ ! -z "${entryName4}" ]; then
    removeKeychainEntry "${entryName4}"
fi
# Keychain Entry Name 5 to remove
if [ ! -z "${entryName5}" ]; then
    removeKeychainEntry "${entryName5}"
fi
# Keychain Entry Name 6 to remove
if [ ! -z "${entryName6}" ]; then
    removeKeychainEntry "${entryName6}"
fi
exit 0 ## Success (the original's trailing "exit 1" was unreachable)
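An added example, not written by anyone in this thread: it wraps the `security delete-internet-password -s` call that worked above, checks that an entry exists first, and repeats the delete in case several entries match one server. The `SECURITY_BIN` override, the `MAX_PER_SERVER` cap and the function names are assumptions introduced for illustration.

```shell
#!/bin/bash
# Added example: remove stale print-server credentials from a login keychain.

# Assumption: overridable so the logic can be exercised with a stub off-macOS.
SECURITY_BIN="${SECURITY_BIN:-/usr/bin/security}"
MAX_PER_SERVER=10   # hypothetical safety cap on deletions per server

# purge_server <keychain> <server>
# Sets PURGED to the number of entries deleted for <server>.
# Returns 0 if at least one entry was deleted, 1 if none was found.
purge_server() {
    keychain="$1"; server="$2"; PURGED=0
    while [ "$PURGED" -lt "$MAX_PER_SERVER" ]; do
        # Stop as soon as no matching internet-password item is left
        "$SECURITY_BIN" find-internet-password -s "$server" "$keychain" \
            >/dev/null 2>&1 || break
        "$SECURITY_BIN" delete-internet-password -s "$server" "$keychain" \
            >/dev/null 2>&1 || break
        PURGED=$((PURGED + 1))
    done
    [ "$PURGED" -gt 0 ]
}

# purge_all <keychain> <server>...
# Sets TOTAL_PURGED; returns 0 only if every server had an entry removed.
purge_all() {
    keychain="$1"; shift
    TOTAL_PURGED=0; failed=0
    for server in "$@"; do
        if purge_server "$keychain" "$server"; then
            echo "* Removed ${PURGED} keychain item(s) for ${server}"
            TOTAL_PURGED=$((TOTAL_PURGED + PURGED))
        else
            echo "* No keychain item found for ${server}"
            failed=1
        fi
    done
    return "$failed"
}

# Runs only when servers are passed as arguments, for example:
#   ./purge_print_creds.sh 192.168.10.242 192.168.10.107
if [ "$#" -gt 0 ]; then
    loggedInUser=$( /usr/bin/stat -f %Su "/dev/console" )
    purge_all "/Users/${loggedInUser}/Library/Keychains/login.keychain-db" "$@"
fi
```

The non-zero return from `purge_all` lets a calling policy or wrapper tell "nothing to delete" apart from a completed cleanup.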