Problem with keychain and binding to LDAP


Permalink 02:36:23 pm, by pat, 162 words, 243 views   English (CA)
Categories: Activity Log; Mins. worked: 0

I discovered that the keychain service in macOS synchronizes itself with the login password used to log in, including externally set passwords like netlink. This is a problem if a password is reset by the user or someone else on campus, as it produces a keychain alert on the next login to a linguistics machine, which is confusing for most people.

I will fix this by using a script that deletes the previous user's login keychain information on login. A new keychain is created each time a user logs in and then is deleted when they log in again, thus avoiding the keychain sync issue.

The reasoning for that decision is here:

I will either use a logout hook, which is deprecated by Apple but still usable (and very simple to implement):

or I will use Offset:

With this script:
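A sketch of the keychain cleanup described above, as an added example that is not the script from the original post. It assumes it runs as root from a logout hook (which receives the short user name as `$1`), that home directories live under `/Users`, and that the `SKIP_USERS` account names are hypothetical local accounts to leave alone.

```shell
#!/bin/sh
# Added example: delete a user's login keychain so a fresh one is created at next login.
# Assumptions: invoked as root by a logout hook with the short user name in $1;
# USERS_ROOT and SKIP_USERS are illustrative defaults, adjust for the lab machines.

USERS_ROOT="${USERS_ROOT:-/Users}"
SKIP_USERS="${SKIP_USERS:-root admin Shared Guest}"

# purge_login_keychain USER
# Returns 0 when the keychain was removed or none existed, 1 when the request is refused.
purge_login_keychain() {
    user="$1"
    # Accept only plain short names: reject empty values, slashes and dot-prefixed names.
    case "$user" in
        ''|*/*|.*) echo "refusing user name: '$user'" >&2; return 1 ;;
    esac
    for skip in $SKIP_USERS; do
        if [ "$user" = "$skip" ]; then
            echo "skipping protected account: $user" >&2
            return 1
        fi
    done
    kc_dir="$USERS_ROOT/$user/Library/Keychains"
    # The hook runs as root, so never follow a symlink placed in a user-writable path.
    for p in "$USERS_ROOT/$user" "$USERS_ROOT/$user/Library" "$kc_dir"; do
        if [ -L "$p" ]; then
            echo "refusing symlink: $p" >&2
            return 1
        fi
    done
    if [ ! -d "$kc_dir" ]; then
        return 0
    fi
    # login.keychain (older releases) and login.keychain-db (macOS 10.12 and later).
    for f in "$kc_dir/login.keychain" "$kc_dir/login.keychain-db"; do
        if [ -f "$f" ] && [ ! -L "$f" ]; then
            rm -f -- "$f" && echo "removed $f"
        fi
    done
    return 0
}

# When called with an argument (as a logout hook is), act on that user.
if [ "$#" -ge 1 ]; then
    purge_login_keychain "$1"
fi
```

Only the login keychain files are touched; any other keychains in the directory are left in place.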



Blog for tracking HCMC work related to Linguistics lab support.
