Docker login command accesses random KeyChain entries and fails

[joelika]

Duplicated from docker/for-mac#1540 Adding here to hopefully get more visibility.

Expected behavior:
Running the command
docker login -u USER -p PASS HOST:8443
should login to the specified repo.

Unexpected behavior:
Running the above command causes docker to ask to access the KeyChain for a randomly chosen entry.
If I deny the request, then the command fails with:
"error getting credentials - err: exit status 1, out: The user name or passphrase you entered is not correct."
If I allow the request, then the command fails with:
"Error saving credentials: error storing credentials - err: exit status 1, out: The specified item already exists in the keychain."

Could be related to issue #47, but I believe that has already been resolved. I also tried downloading docker-credential-osxkeychain v0.5.0 and replacing /usr/local/bin/docker-credential-osxkeychain with that release and I had the same issue.

[jeanlaurent]

@joelika This sounds really weird, we can't really reproduce your issue.
Could you do a which docker-credential-osxkeychain do check there is no other one in there ?
Alternatively, removing /usr/local/bin/docker-credential-osxkeychain and performing a reset to default in your docker for mac should do the trick, of getting rid of the one in /usr/local/bin

[joelika]

Thanks @jeanlaurent! I did perform a which docker-credential-osxkeychain to find the original location under /usr/local/bin/docker-credential-osxkeychain. I then replaced that binary with the v0.5.0 release with the same result.

After that test, I finally deleted the binary at /usr/local/bin/docker-credential-osxkeychain, and now I can use docker login to my private registries with the standard username/password prompt from Docker.

There's a number of other reports on the original issue here docker/for-mac#1540 for reference.

Happy to perform more troubleshooting or provide more details. Thanks for following up!

[jeanlaurent]

Docker For Mac only create symlinks towards the Docker.app bundle in the /usr/local/bin directory.

Could it be possible that you installed a docker-credential-osxkeychain binary in /usr/local/bin ?

I know we suggested that before the 0.5.0 version was available, as a workaround.

[joelika]

@jeanlaurent I did not, mainly because I wasn't even aware of docker-credential-osxkeychain before I had this issue 😄 . But correct, I did see the symlink when I reset docker to factory defaults:

$ which docker-credential-osxkeychain
/usr/local/bin/docker-credential-osxkeychain

$ cd /usr/local/bin/
$ ls -la | grep docker-credential-osxkeychain
lrwxr-xr-x    1 localuser  staff      91 Jun  1 09:00 docker-credential-osxkeychain -> /Users/localuser/Library/Group Containers/group.com.docker/bin/docker-credential-osxkeychain

Then if I run:

docker login my.dockerregistery.com:5002

I get the keychain prompting me to use an item that is not my registry. It's just a random entry, because if I delete this entry, it picks a new one:

and if I hit "Deny", I get:

error getting credentials - err: exit status 1, out: 'The user name or passphrase you entered is not correct.'

I tried then downloading the v0.5.0 release and overwriting the symlink in /usr/local/bin/ and I got the same issue I had above.

Finally, if I delete docker-credential-osxkeychain under /usr/local/bin/, I get the normal Docker login and it works:

$ docker login my.dockerregistery.com:5002
Username:
Password:
Login Succeeded

This is on macOS 10.12.5 and Docker 17.03.1-ce-mac12 (17661)

[liming-gd]

I came across this problem on macOS High Sierra 10.13.1 (17B48) and Docker 17.09.0-ce-mac35 (19611)。 I follow instructions from docker/for-mac#2228 and it works for me.

[Danceiny]

rm /usr/local/bin/docker-credential-osxkeychain, and everything get ok.

[lotusbaba]

deleting the /usr/local/bin/docker-credential-osxkeychain worked for me

[sinan-gul]

It did not work for me.

error getting credentials - err: exec: "docker-credential-osxkeychain": executable file not found in $PATH, out: ``

[Gustry]

deleting the /usr/local/bin/docker-credential-osxkeychain worked for me

Same problem as @BestReaction but after a restart of docker, then it works.

[n4ss]

@BestReaction

1. did you restart docker?
2. when you try a locate docker-credential-osxkeychain, what's the output?
3. the usual setup is that you get a docker-credential-osxkeychain.bin file in the /Applications/Docker.app/Contents/Resources/bin/ resource directory and this is symlink'ed at /usr/local/bin/ (and also intermediately symlink'd through /Users/XXXX/Library/Group Containers/group.com.docker/bin/ normally)

So feel free to recreate the missing symlink at /usr/local/bin if you have the proper binary somewhere on your filesystem.

[stormbeta]

Deleting /usr/local/bin/docker-credential-osxkeychain did not work.

I ran brew install docker-credential-helper which installed it correctly. No idea where the original (no longer working) binary came from.

[sntanala]

Guys, go to docker preferences and click on Restart, once restarted open new terminal and docker login, it resolved to login succeed.
If above did not work then go to docker preferences and click Reset to factory defaults.

[mrnonz]

Still have problem on Darwin Kernel Version 17.6.0