Remove key of kind 'network password' from login.keychain

PinkNoam
New Contributor

I want to remove a key of the kind 'network password' from the login.keychain using a script. But, I can't find a way to do it.

This is because we have an issue with Ricoh my print within our organisation. users have local profiles on their Macbooks but their credentials for printing are synced from AD. When they print, the AD credentials are saved to the keychain. When the AD password expires however, printing stops working until the keychain entry is deleted and replaced.

Endless hours of googling haven't helped, because it seems there's no way to identify the kind 'network password' within a script.

this is the key:

d42cb3c0e7934028b948a9066ea61d27

I tried the following script to make this work (username & path changed):

Security find-network-password -l "https://<myRICOHurl>" /Users/user_name/Library/Keychains/login.keychain

security delete-network-password -l "https://myRICOHurl" /Users/user_name/Library/Keychains/login.keychain

I tried the same, replacing netowrk with internet & generic, same effect. Also tried this:

security delete-network-password -l "RICOH My print" /Users/user_name/Library/Keychains/login.keychain

Can't get this to work, would appreciate any help or insight into what I'm doing wrong, or what I'm missing. I am a total newb at scripting for macs so be gentle with me :)

Thanks!

3 REPLIES 3

dan-snelson
Valued Contributor II

@PinkNoam The following Bash command should delete known entries:

/usr/bin/security delete-internet-password -l "${1}" /Users/${loggedInUser}/Library/Keychains/login.keychain-db

magtype
New Contributor

Fantastic, thank you for your input...we've identified specific entry we are looking to delete.Run within Automator, I get the following Bash command to work:

security delete-internet-password -s 192.168.10.242
security delete-internet-password -s 192.168.10.107

Any suggestion on how to make is easy for the user to run? Can I translate this to Applescript to create an "application"?

Thank you again for your help and input!

dan-snelson
Valued Contributor II

@magtype

We have a Jamf Pro Policy which leverages Script Parameters and the following script:

#!/bin/bash
####################################################################################################
#
# ABOUT
#
#   Removes Keychain entries as specified in JSS script parameters
#
####################################################################################################
#
# HISTORY
#
#   Version 1.0, 6-Jun-2018, Dan K. Snelson
#       Original version
#
####################################################################################################



### Variables
loggedInUser=$( /usr/bin/stat -f %Su "/dev/console" )

entryName1="$4"       # Keychain Entry Name (i.e., "com.microsoft.SkypeForBusiness.HockeySDK")
entryName2="$5"       # Keychain Entry Name (i.e., "skype")
entryName3="$6"       # Keychain Entry Name (i.e., "Skype for Business")
entryName4="$7"       # Keychain Entry Name
entryName5="$8"       # Keychain Entry Name
entryName6="$9"       # Keychain Entry Name



### Functions
removeKeychainEntry() {

    echo " " # Blank line for readability

    echo "* Keychain entry to remove: ${1}"

    /usr/bin/security delete-generic-password -l "${1}" /Users/${loggedInUser}/Library/Keychains/login.keychain-db
    echo "* Removed ${1}."

}



### Command

echo " "
echo "### Removing Keychain Entries ###"
echo " "


# Keychain Entry Name 1 to quit
if [ ! -z "${entryName1}" ]; then
    removeKeychainEntry "${entryName1}"
fi

# Keychain Entry Name 2 to quit
if [ ! -z "${entryName2}" ]; then
    removeKeychainEntry "${entryName2}"
fi

# Keychain Entry Name 3 to quit
if [ ! -z "${entryName3}" ]; then
    removeKeychainEntry "${entryName3}"
fi

# Keychain Entry Name 4 to quit
if [ ! -z "${entryName4}" ]; then
    removeKeychainEntry "${entryName4}"
fi

# Keychain Entry Name 5 to quit
if [ ! -z "${entryName5}" ]; then
    removeKeychainEntry "${entryName5}"
fi

# Keychain Entry Name 6 to quit
if [ ! -z "${entryName6}" ]; then
    removeKeychainEntry "${entryName6}"
fi


exit 0      ## Success
exit 1      ## Failure