I have spent a considerable amount of time (over YM) the past two weekends trying to help me dad get his Windows desktop to connect to the WiFi network I have running back home. The process has been a lot of pain and he’s still unable to connect, but this post is not to whine about what’s wrong with this Windows world. As you would expect, amongst other things, I needed to tell him the SSID and WEP key for the network and of course, Keychain spoilt as we are, I didn’t remember either. No big deal, I just went into the Network Preferences and told him the SSID of the Wireless Network I have set up Airport to join in the “Home” location.
Now there’s the password as well, but to see it I’ll need to use Keychain, our trusted password keeper. I run Keychain and can see all the passwords except the one I need – Murphy’s law? Not quite, because I can’t see any of the Airport passwords. Well, that’s strange. I look around at various websites but nothing tells me where our trusted Airport passwords might be. I spot the “Show Keychains” button (it’s right there, duh!) and click on it and voilà, a drawer pulls out and tells me I am looking at the “login” keychain and there’s another keychain called “system”. As you would expect, the Airport passwords are in the other keychain. So far so good, although the existence of another keychain could have been more “visible”. Anyways, the “Show Keychains” button was “right there” so I would let this one go.
I selected my network and tried to “Show password” but it just wouldn’t accept my login password (and yes I have administrator privileges). This while the user keychain quite happily accepted my password. I looked this problem up and found that the reason was that I had changed my login password since installation. Aha, so what this means is that while the user keychain password (automatically) changes when you change your login password, the same doesn’t hold true for the system keychain. I presume the system keychain would unlock with my old login password – if only I could remember it!
I tried to “Repair” the keychain using the “Synchronize login keychain password” option but apparently that’s only for your “user” keychains. I tried the booting from Install DVD and resetting the user password routine but no cigar. I was getting really irritated at this point and had me dad (there’s me trying to write Scouse again) hanging by the chat window for the best part of 30 minutes waiting for the password. That was when the command line geek in me finally decided to show up.
The basic idea is to “fool” Keychain into thinking your system keychain is your user keychain. If you are comfortable with the command line you can probably take it from there (do not forget to back up before you attempt anything) but if you’re not I’ll hold your hand until you are done. So here we go, here’s how to reset your system keychain password (works in Panther, no reason it shouldn’t in Tiger):
1) Quit Keychain Access
Just in case, quit Keychain Access if it is running.
2) Fire up Terminal
Available typically in Applications/Utilities
3) Back up your keychains
$ cp ~/Library/Keychains/login.keychain ~
$ cp /Library/Keychains/system.keychain ~
4) Replace login.keychain with system.keychain
$ cp /Library/Keychains/system.keychain ~/Library/Keychains/login.keychain
5) Run Keychain Access and verify that the login keychain is actually your “system” keychain (i.e. both keychains are the same). Now go to Keychain First Aid in the Window menu and verify that the “Synchronize login keychain password” option is selected. Just to be sure, do a “verify” and you’ll be informed that the password needs to be changed. Go ahead and do the actual repair.
6) Quit Keychain Access
7) Copy the system keychain to its original place and restore the user keychain
$ sudo cp ~/Library/Keychains/login.keychain /Library/Keychains/system.keychain
$ cp ~/login.keychain ~/Library/Keychains/login.keychain
8) Fire open Keychain Access and you should be able to unlock the System keychain with your login password.
There – you are good to go!
Just in case something goes wrong, you can go back to your old keychains:
$ sudo cp ~/system.keychain /Library/Keychains/system.keychain
$ cp ~/login.keychain ~/Library/Keychains/login.keychain
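An added example, not part of the original post: the backup in step 3 and the rollback above, wrapped so that every copy is checksum-verified and an existing backup is never overwritten. That matters here because after step 4 ~/Library/Keychains/login.keychain is really the system keychain, so re-running the backup at that point would replace the only good copy of the login keychain. BACKUP_DIR and the function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: checksum-verified backup and restore for the keychain swap.
# Paths are passed as arguments so the functions can be tried on constructed
# files first. BACKUP_DIR and the function names are hypothetical.

BACKUP_DIR="${BACKUP_DIR:-$HOME/keychain-backup}"

# Print a checksum of a file (cksum is POSIX, so it is available everywhere).
file_sum() {
    cksum < "$1"
}

# Copy a keychain into BACKUP_DIR, refusing to overwrite an earlier backup,
# and confirm the copy is byte-identical to the original.
backup_keychain() {
    src="$1"
    dest="$BACKUP_DIR/$(basename "$src")"
    [ -f "$src" ] || { echo "missing: $src" >&2; return 1; }
    mkdir -p "$BACKUP_DIR" && chmod 700 "$BACKUP_DIR" || return 1
    [ ! -e "$dest" ] || { echo "backup exists: $dest" >&2; return 1; }
    cp -p "$src" "$dest" || return 1
    [ "$(file_sum "$src")" = "$(file_sum "$dest")" ] || {
        echo "backup of $src does not match" >&2; return 1; }
}

# Put a backed-up keychain back in place and verify the result.
# Restoring into /Library/Keychains needs root, like the sudo cp in step 7.
restore_keychain() {
    dest="$1"
    src="$BACKUP_DIR/$(basename "$dest")"
    [ -f "$src" ] || { echo "no backup for $dest" >&2; return 1; }
    cp -p "$src" "$dest" || return 1
    [ "$(file_sum "$src")" = "$(file_sum "$dest")" ]
}
```

Call backup_keychain once for each of the two keychain paths before step 4, and restore_keychain with the same paths to roll back.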
Well, at least something good came out of the Windows pain (in the form of this post). Not really because we would have needed the password even if the process was easier, but let’s pretend otherwise.
So where does that leave our keychains as far as security is concerned? Does that mean if you somehow manage to lay your hands on someone else’s keychain, you just reset its password and gain access to all the information inside it? Or is there some “system specific” information that is stored as part of the keychain that this synchronize login keychain password option looks into as well to ensure that you are not resetting someone else’s keychain?
Unfortunately I do not have access to another OS X install, so I can’t test that. I’ll see if I can have someone send me a “junk” keychain from their system and try to repair that. Or you can test the same at home if you have multiple OS X installs or download this keychain I created with nothing but a note inside and see if you can get it to synch with your login password. Please share your results.
Edit: Rest in peace (no puns intended), your keychains are safe. Thanks to AHM who wrote in to confirm he couldn’t reset the junk.keychain from my system.
I was able to reset the password on my system keychain, but not your junk keychain. So there must be some additional safeguard.
is this for a mac or a pc?
Thanks AHM. That is what we would expect, but it’s nice to be able to verify. We can sleep easier now :-)
Just wanted to thank for this fix.
Haven’t been able to find a solution anywhere and yours worked!!!
THX!! It worked!!
I was able to access my system.keychain with my login pssd.
excellent, worked!
thank you, thank you, kind sir. I was in a bind, trying to get a WiFi password from an old computer owned by someone who had forgotten the system passwords. phew!
I can unlock my System keychain, but I still can’t “Show password” of any of the items in my system keychain, (I too am looking for a WiFi password in there). I get prompted for the keychain password (System.keychain), but it rejects the password.
Thank you so much! I forgot the password for one of my keychains and I couldn’t view any passwords or notes or anything, but this worked great!!! ThankYouThankYouThankYou!!!!!
This happens to me too, any ideas? Thanks!
I can unlock my System keychain, but I still can’t “Show password” of any of the items in my system keychain, (I too am looking for a WiFi password in there). I get prompted for the keychain password (System.keychain), but it rejects the password.
I used this technique, but found two unwelcome surprises:
1. The wireless encryption keys are stored as hashes, and not clear text (unlike the cleartext keys stored in login.keychain).
2. After you copy the system.keychain back into place modified to use your login password, you will now have to type in your login password *every* time the machine comes out of sleep (and I’m presuming a second time at login.)
I opened a call with Apple, even the guy this got escalated to was surprised by this behaviour. He promised engineering would get back to me in a week…
Hey, I’ve been trying these commands but they’re not going through. I have my Mac admin password but have forgotten my keychain login password. I’m using 10.4.
I read through this article, but I don’t know how to do it.
You are a genius. I realize how old this is, but I (like a few others apparently) just now needed it and found it. It’s so simple but so effective. You realize that even now, 3 years after you first posted this, I found no other reliable way to get into the system keychain. This is the only method that worked, and this is the only site that has this method. Great work!
Thank you for the guide. I had lost my wireless password, and this let me retrieve it from Keychain.
The wireless password can be retrieved using the above-mentioned guidelines; it works.
When I used this procedure it copied all the keychain login items into the keychain system folder but overwrote the existing entries, so you need to copy the originals and re-insert them, if that’s possible, after you’ve finished the process.
Hi Tim
Not sure if you followed the instructions properly. Shouldn’t have happened.