Problem with keychain and binding to LDAP

06/10/16

02:36:23 pm, by pat
Categories: Activity Log; Mins. worked: 0

I discovered that the keychain service in macOS synchronizes itself with the login password used to log in, including externally set passwords like netlink. This is a problem if a password is reset by the user or someone else on campus, as it produces a keychain alert on the next login to a linguistics machine, which is confusing for most people.

I will fix this by using a script that deletes the previous user's login keychain information on login. A new keychain is created each time a user logs in and then is deleted when they log in again, thus avoiding the keychain sync issue.

The reasoning for that decision is here: http://technology.siprep.org/deleting-keychains-at-user-logout/

I will either use a logout hook, which is deprecated by Apple but still usable (and very simple to implement): http://www.amsys.co.uk/2015/02/delete-keychains-logout/?nabe=6486817002487808:0

or I will use Offset: https://github.com/aysiu/offset

With this script: https://github.com/aysiu/Mac-Scripts-and-Profiles/blob/master/RemoveLastUserKeychains
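A sketch of the logout-hook variant described above, added here as an example; it is not the linked RemoveLastUserKeychains script or code from the original post. It assumes loginwindow runs the hook as root with the short username as `$1`; `USERS_ROOT` and the protected-account list are hypothetical, there so the function can be pointed at a scratch directory and adapted locally.

```shell
#!/bin/sh
# Added example: empty a user's Keychains folder when they log out.
# Assumption: invoked as a loginwindow LogoutHook (runs as root, $1 = short username).

purge_user_keychains() {
    user="$1"
    root="${USERS_ROOT:-/Users}"   # hypothetical override, used for testing

    # Accept plain short names only: rejects empty input, "/", "..", leading
    # "." or "-", newlines and glob characters before any path is built.
    case "$user" in
        ''|.*|-*|*[!A-Za-z0-9._-]*)
            echo "refusing unsafe username" >&2
            return 2 ;;
    esac

    # Never touch system or shared accounts (list is an assumption; extend locally).
    case "$user" in
        root|Shared|Guest)
            echo "skipping protected account: $user" >&2
            return 3 ;;
    esac

    kc_dir="$root/$user/Library/Keychains"

    # The hook runs as root: a symlink anywhere on the path could redirect
    # the delete to another location, so refuse instead of following it.
    for p in "$root/$user" "$root/$user/Library" "$kc_dir"; do
        if [ -L "$p" ]; then
            echo "refusing symlinked path: $p" >&2
            return 4
        fi
    done

    # Nothing to do for a user who never got a keychain.
    [ -d "$kc_dir" ] || return 0

    # Remove the contents but keep the directory, its owner and its mode, so
    # macOS creates a fresh login keychain matching the current password.
    find "$kc_dir" -mindepth 1 -maxdepth 1 -exec rm -rf -- {} +
}

# When run as the hook, act on the username that was passed in.
if [ -n "${1:-}" ]; then
    purge_user_keychains "$1"
fi
```

A logout hook of this kind is registered with `sudo defaults write com.apple.loginwindow LogoutHook /path/to/script`, where the path is a placeholder for wherever the script is installed.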
