Reset system keychain password

I have spent a considerable amount of time (over YM) the past two weekends trying to help me dad get his Windows desktop to connect to the WiFi network I have running back home. The process has been a lot of pain and he’s still unable to connect, but this post is not to whine about what’s wrong with this Windows world. As you would expect, amongst other things, I needed to tell him the SSID and WEP key for the network and of course, Keychain-spoilt as we are, I didn’t remember either. No big deal, I just went into the Network Preferences and told him the SSID of the wireless network I have set up Airport to join in the “Home” location.

Now there’s the password as well, but to see it I’ll need to use Keychain, our trusted password keeper. I run Keychain and can see all the passwords except the one I need – Murphy’s law? Not quite, because I can’t see any of the Airport passwords. Well, that’s strange. I look around at various websites but nothing tells me where our trusted Airport passwords might be. I spot the “Show Keychains” button (it’s right there, duh!) and click on it and voilà, a drawer pulls out and tells me I am looking at the “login” keychain and there’s another keychain called “system”. As you would expect, the Airport passwords are in the other keychain. So far so good, although the existence of another keychain could have been more “visible”. Anyways, the “Show Keychains” button was “right there” so I would let this one go.

I selected my network and tried to “Show password” but it just wouldn’t accept my login password (and yes I have administrator privileges). This while the user keychain quite happily accepted my password. I looked this problem up and found that the reason was that I had changed my login password since installation. Aha, so what this means is that while the user keychain password (automatically) changes when you change your login password, the same doesn’t hold true for the system keychain. I presume the system keychain would unlock with my old login password – if only I could remember it!

I tried to “Repair” the keychain using the “Synchronize login keychain password” option but apparently that’s only for your “user” keychains. I tried the booting from Install DVD and resetting the user password routine but no cigar. I was getting really irritated at this point and had me dad (there’s me trying to write Scouse again) hanging by the chat window for the best part of 30 minutes waiting for the password. That was when the command line geek in me finally decided to show up.

The basic idea is to “fool” Keychain into thinking your system keychain is your user keychain. If you are comfortable with the command line you can probably take it from there (do not forget to back up before you attempt anything) but if you’re not I’ll hold your hand until you are done. So here we go, here’s how to reset your system keychain password (works in Panther, no reason it shouldn’t in Tiger):

1) Quit Keychain Access
Just in case, quit Keychain Access if it is running.

2) Fire up Terminal
Typically available in Applications/Utilities

3) Back up your keychains
$ cp ~/Library/Keychains/login.keychain ~
$ cp /Library/Keychains/system.keychain ~

4) Replace login.keychain with system.keychain
$ cp /Library/Keychains/system.keychain ~/Library/Keychains/login.keychain

5) Run Keychain Access and verify that the login keychain is actually your “system” keychain (i.e. both keychains are the same). Now go to Keychain First Aid in the Window menu and verify that the “Synchronize login keychain password” option is selected. Just to be sure, do a “verify” and you’ll be informed that the password needs to be changed. Go ahead and do the actual repair.

6) Quit Keychain Access

7) Copy the system keychain to its original place and restore the user keychain
$ sudo cp ~/Library/Keychains/login.keychain /Library/Keychains/system.keychain
$ cp ~/login.keychain ~/Library/Keychains/login.keychain

8) Fire open Keychain Access and you should be able to unlock the System keychain with your login password.

There – you are good to go!

Just in case something goes wrong, you can go back to your old keychains:
$ sudo cp ~/system.keychain /Library/Keychains/system.keychain
$ cp ~/login.keychain ~/Library/Keychains/login.keychain
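
The backup in step 3 and the rollback above, as an added example (not the author's commands): a plain cp into ~ silently overwrites any earlier copy and never checks the result, so this sketch keeps timestamped backups and compares them byte for byte. The function names and the ~/keychain-backups directory are hypothetical; the keychain paths are the ones from the post.

```shell
#!/bin/sh
# Added example: verified, non-clobbering backup and restore for the
# keychain swap. Function names are hypothetical, not part of the post.

# backup_file SRC DESTDIR -> prints the path of the verified backup copy
backup_file() {
    src=$1; destdir=$2
    [ -f "$src" ] || { echo "missing: $src" >&2; return 1; }
    mkdir -p "$destdir" || return 1
    stamp=$(date +%Y%m%d-%H%M%S)
    dest="$destdir/$(basename "$src").$stamp.bak"
    # Never overwrite an earlier backup taken in the same second.
    n=0
    while [ -e "$dest" ]; do
        n=$((n + 1))
        dest="$destdir/$(basename "$src").$stamp.$n.bak"
    done
    cp "$src" "$dest" || return 1
    # Byte-for-byte check before anything gets replaced.
    cmp -s "$src" "$dest" || {
        echo "backup mismatch: $dest" >&2
        rm -f "$dest"
        return 1
    }
    # The copy holds the same encrypted secrets; keep it owner-only.
    chmod 600 "$dest"
    printf '%s\n' "$dest"
}

# restore_file BACKUP TARGET -> copies BACKUP over TARGET and verifies it.
# Plain cp onto an existing target keeps the target's owner and mode.
restore_file() {
    backup=$1; target=$2
    [ -f "$backup" ] || { echo "missing backup: $backup" >&2; return 1; }
    cp "$backup" "$target" || return 1
    cmp -s "$backup" "$target"
}

# Usage with the post's paths (run restore_file under sudo for the
# system keychain, as the post does for its cp):
#   login_bak=$(backup_file ~/Library/Keychains/login.keychain ~/keychain-backups)
#   system_bak=$(backup_file /Library/Keychains/system.keychain ~/keychain-backups)
#   restore_file "$login_bak" ~/Library/Keychains/login.keychain
```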

Well, at least something good came out of the Windows pain (in the form of this post). Not really because we would have needed the password even if the process was easier, but let’s pretend otherwise.


So where does that leave our keychains as far as security is concerned? Does that mean if you somehow manage to lay your hands on someone else’s keychain, you just reset its password and gain access to all the information inside it? Or is there some “system specific” information that is stored as part of the keychain that this synchronize login keychain password option looks into as well to ensure that you are not resetting someone else’s keychain?

Unfortunately I do not have access to another OS X install, so I can’t test that. I’ll see if I can have someone send me a “junk” keychain from their system and try to repair that. Or you can test the same at home if you have multiple OS X installs or download this keychain I created with nothing but a note inside and see if you can get it to synch with your login password. Please share your results.

Edit: Rest in peace (no puns intended), your keychains are safe. Thanks to AHM who wrote in to confirm he couldn’t reset the junk.keychain from my system.

23 Comments

  1. I was able to reset the password on my system keychain, but not your junk keychain. So there must be some additional safeguard.

  2. Just wanted to thank for this fix.
    Haven’t been able to find a solution anywhere and yours worked!!!

  3. thank you, thank you, kind sir. I was in a bind, trying to get a WiFi password from an old computer owned by someone who had forgotten the system passwords. phew!

  4. I can unlock my System keychain, but I still can’t “Show password” of any of the items in my system keychain, (I too am looking for a WiFi password in there). I get prompted for the keychain password (System.keychain), but it rejects the password.

  5. Thank you so much! I forgot the password for one of my keychains and I couldn’t view any passwords or notes or anything, but this worked great!!! ThankYouThankYouThankYou!!!!!

  6. This happens to me too, any ideas? Thanks!
    I can unlock my System keychain, but I still can’t “Show password” of any of the items in my system keychain, (I too am looking for a WiFi password in there). I get prompted for the keychain password (System.keychain), but it rejects the password.

  7. I used this technique, but found two unwelcome surprises:

    1. The wireless encryption keys are stored as hashes, and not clear text (unlike the cleartext keys stored in login.keychain).

    2. After you copy the system.keychain back into place modified to use your login password, you will now have to type in your login password *every* time the machine comes out of sleep (and I’m presuming a second time at login.)

    I opened a call with Apple, even the guy this got escalated to was surprised by this behaviour. He promised engineering would get back to me in a week…

  8. Hey, I’ve been trying those commands but they’re not going through. I have my Mac admin password but have forgotten my keychain login pass. Am using 10.4.

  9. You are a genius. I realize how old this is, but I (like a few others apparently) just now needed it and found it. It’s so simple but so effective. You realize that even now, 3 years after you first posted this, I found no other reliable way to get into the system keychain. This is the only method that worked, and this is the only site that has this method. Great work!

  10. Thank you for the guide. I had lost my wireless password, and this let me retrieve it from Keychain.

  11. When I used this procedure it copied all the keychain login items into the keychain system folder but overwrote the existing entries, so you need to copy the originals and re-insert them, if that’s possible, after you’ve finished the process.

  12. I would love to try this but my roommie’s imac has never been backed up for the 4 years she’s had it, and I know very little about macs and she would be EXTREMELY upset with me if I tried something and lost her data. (in fact I’m quite concerned right now that if she shuts off the computer she won’t be able to get back in because we changed her admin keychain, and I read somewhere that if you do this you are screwed!) She had a LaCie backup drive in an unopened box, but when I tried to install the software to use the backup drive, it insisted on having the system password to do the installation!!! So now we can’t even backup the computer?! Help!!

  13. I thought I’d post this here, since this page started me off. I’ve been using Timemachine to migrate re-install my Macs since I moved over a few years ago.

    This time round I wanted to do a fresh re-install. I moved over my login.keychain and the System.keychain to the new install, but I could not access any of the stored passes in System.keychain. After a few hours of working on it and trying everything documented on the net that I could find, I figured it out. I could not change the pass because of the whole story that OS X generates a random pass the 1st time it’s loaded and this is what is used to access System.keychain, so moving it to a new comp basically you can no longer access any of these passes, unless you manually set a pass for System.Keychain Riiiiiiiiiiiiiiiiight in the beginning. In my case it’s been a few years and I tried every pass I could think of.

    Solution was to copy /var/db/SystemKey from my previous install where my System.keychain was accessible, to the same dir in the fresh install.

    Problem solved. I can now access all my previously saved passes in the keychain.

    This was hard info to find, and not documented anywhere. I hope it helps people who can’t live without their legacy System.keychain file when re-installing a new comp from fresh.

  14. When I replace the keychains, it says: “please enter the keychain password”. When I do the repair, it is unable to synchronize the passwords. History: I reinstalled once the os x from scratch, and I renamed the home folder. Cannot remember the password it asks 🙁

    If I create another system keychain I am not able to see the passwords with “show password”. The box checks it out for a moment, then remains as before.
    Any ideas?
