-
Notifications
You must be signed in to change notification settings - Fork 20
Feature request: Reset Local Items Keychain #8
Comments
T-Short, do you manage keychains via ADPM too? I'm thinking of maybe adding a "Check Keychain" item to the drop down if enabled |
Hm, no, I've only used it in one instance so far and that's where the Local Items issue popped up. |
Ok. The local items keychain lock state is not accessible via the "security" command. I'll look at googles Keychain Minder & see if there is something pinchable. Regards, Ben.
|
Pulled from 2.20.11 to investigate: https://github.com/google/macops/tree/master/keychainminder#how-it-works Specifically: https://github.com/google/macops/blob/master/keychainminder/Common/Common.m#L70 |
I know our environment would benefit from a "Check Keychain" in the menubar in ADPM. Along the same lines, when I tested changing a password a couple months ago (10.11.5) at first login on another machine where the same user was logged in it presented the ADPM keychain prompt. Now for whatever reason it's not bringing up the prompt anymore. Have disabled the OSX keychain sync pref and the ADPM user pref has enableKeychainLockCheck enabled (bool true). Wondering if it could the account I'm using, as the test account is set to never expire but the password can be changed ... Running the latest version - 2.20.19 |
I can confirm that choosing "Refresh Kerberos ticket" brings up the Keychain prompt and will successfully update the Keychain pass, but for whatever reason it doesn't display the Keychain prompt at login if the keychain is out of sync with the user's new AD pass. |
Hi folks, ADPassmon is no longer maintained, please use NoMAD. As such, i'm closing this off. |
In the case where a user has a borked Local Items keychain from an earlier password change (multiple prompts for Local Items keychain password on login), a nice feature for remote support would be to have an option to reset this separately (maybe from the menubar dropdown?), i.e. just nuking the UUID folder in ~/Library/Keychains/ and requesting reboot as opposed to taking out the Login Keychain along with it.
The text was updated successfully, but these errors were encountered: