System Keychain Error Message

After installing some random Mac OS X update, I started getting a weird dialogue box when I rebooted my machine. I don’t know when it started because I may not reboot my iBook for a month or more at a time. The message says thus:

“Mac OS X wants to use keychain system”

The password was not my login password, and nothing else I could think of. When this dialogue box was open, it would stop my airport card from connecting to my default network. As soon as I clicked cancel my wireless would connect. It wasn’t a major problem, just an annoyance.

I found a solution on Mac Fix It Forums which fixed the problem.

Tiger stores your Airport (WLAN) WEP keys (and apparently some other info) to /Library/Keychains/System.keychain, which is also available through Keychain Access. However, apparently that keychain has a system generated random password by default. If you try to access the actual passwords in the System keychain through Keychain Access, it will ask for the random password that, of course, is impossible to enter.

Now, if you want to set a keychain password for the System keychain, the only way seems to be through the command line. I happened to have only one stored password in the System keychain, so I was able to skip exporting the keys (on command line) and then importing them; I don’t even know if that is possible if you don’t know the keychain password.

So, what you can do, and what I did, is to create a new System keychain with a password that you *do* know. These are the instructions to do so. Please note that when you follow these instructions, any passwords in your System keychain, if any, will be lost.

  1. Start terminal and give the following 2 commands (make sure they are on one line in terminal)
  2. sudo mv /Library/Keychains/System.keychain /Library/Keychains/System.keychain.backup
  3. sudo systemkeychain -k /Library/Keychains/System.keychain -C "password"
    (where “password” is the new keychain password that you want to give to the System keychain)
  4. Reboot the system

To test that you have managed to do that right, do something to create a new entry to the System keychain (e.g. join a WAP-protected WLAN), launch Keychain Access, select System keychain, double click the entry in the System keychain to open the info window, and select “Show password”. You will be asked for the System keychain password, and if you managed to set it right, you can now grant access to show the password in the entry.

This worked for me. When I rebooted, I got a dialogue box asking for me to grant keychain access to airport. Thanks wrl!

17 comments

  1. Grand Master Flash

    Another possible reason I won’t be installing this update. I heard it was buggy.

  2. It wasn’t the most recent update. It was an update from some time ago. I think it might have been doing this for at least a month.

  3. Did you get 10.4.3 yet? I guess it came out yesterday. Maybe that’ll fix some things. It’s worked for me so far.

  4. Yeah, I installed the latest update but that didn’t fix this little niggling problem.

  5. oh how i like the word niggling!

  6. I started getting this after installing the 10.4.3 update this morning. Everything works fine if I just cancel. I can enter my name and password to unlock from keychain access, but no password will work in the dialog that comes up after logging in. Strange…

  7. That definitely sounds like it, but for whatever reason it started on my machine a while ago and I’ve been ignoring it since. What I posted will definitely get rid of it though.

  8. Hooray, it works! You are a genius. Best of luck on your trans-continental move!

  9. The above solution solves the problem. It does, however, not tell you what your stored passwords are. I have forgotten my WEP password at home, but I need it for another gadget. I could of course just reset it.

    Anyway, the following program reads a key from the System keychain. Please note that you should press “allow ONCE” when the system asks you.

    // (c) 2005 Eljakim Schrijvers
    // NO WARRANTY WHATSOEVER – USE AT YOUR OWN RISK

    #include
    #include
    #include

    void printSecStatusError(char *prefix,OSStatus status) {
    printf(”%s: (%d)”,prefix, status);
    switch(status) {
    case noErr: printf(“No Error”); break;
    case errSecNoSuchKeychain: printf(“No such keychain”); break;
    case errSecItemNotFound: printf(“The item cannot be found”); break;
    default: printf(“An error has occurred”);
    }
    printf(“\n”);
    }

    int main() {
    char *passwordData = nil;
    char *keychain = ”/Library/Keychains/System.keychain”;
    // char *keychain = “login.keychain”; // uncomment to use your login keychain
    char *keyname = “Eljakim”; // what key are you looking at?
    UInt32 passwordLength = nil;
    SecKeychainItemRef itemRef = nil;
    SecKeychainRef keychainRef = nil;
    SecKeychainStatus keychainStatus = nil;
    OSStatus status;
    status = SecKeychainOpen(keychain,&keychainRef);
    printSecStatusError(“Open”,status);
    status = SecKeychainGetStatus(keychainRef, &keychainStatus);
    printSecStatusError(“GetStatus”,status);
    status = SecKeychainFindGenericPassword ( keychainRef,0,””,strlen(keyname),keyname,&passwordLength,&passwordData,&itemRef );
    printSecStatusError(“FindGenericPassword”,status);
    passwordData[passwordLength]=0;
    printf(“Password: (%d) %s\n”,passwordLength,passwordData);
    return 0;
    }

  10. I too had this Keychain problem after updating to 10.4.3. Eljakim, unfortunately the message board software mangled your #includes, at least… any chance of a url for your source?

  11. the includes are:
    Security/SecKeychain.h
    Security/SecKeychainSearch.h
    Security/SecKeychainItem.h

    Make sure to include the Security Framework in XCode under External Frameworks; otherwise it won’t link.

  12. People have stated in the comments that they’re avoiding this or that update due to bugginess.

    Just so you know, I’ve had this problem with MacOS 10.3, so it has nothing to do with the update.

    I just deleted the system keychain in the utility and when it recreated it after reboot, it had the same password as my login keychain.

    What I want to know is how to get the passwords to store in my login keychain and NEVER in system. I’m the only user, so I don’t care if ‘other users’ have access to the wireless.

    I’ve had the most horrific trouble with the mac just not finding networks, or not searching ones I’ve created and finding them, or duplicating a key already in my login keychain. If it’s in my login keychain, it finds the network and connects. If it’s not, it won’t, and it won’t let me ‘create’ an existing network. It’s a daily pain.

  13. Weird, I haven’t had that problem, and have had no problems at all since doing the fix in my post.

  14. cheers ani, that just helped me too!

  15. Can anybody tell me the details on how to set up the X Code project for the above? Is it a Cocoa app? If it’s a command line utility, what kind is it?

  16. Hello again everyone, I figured out how to compile the above.

    In XCode, under New Project, in the Command Line Utility section, choose Standard Tool.

    Delete the default code, and replace with the above.

    Then search and replace all the curly quotes with straight quotes.

    Fix the #include lines by surrounding the above indicated strings (System/…) with a less-than sign, and a greater-than sign.

    As also indicated above, right click on the project icon (the blue page at the top right of the Project window), and select Add->External Frameworks. Then select Security.framework.

    Then go into the main() function, and replace the value of keyname with the real name of the keychain you want to read.

    Then click build and run.

    Note that if it can’t find the key you are looking for, it will crash b/c even though it tells you the status, it doesn’t check to see if the call failed before it tries to read the result.
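The crash described in comment 16, handled as an added example (not part of the original thread or Eljakim's program): the result is used only after the status check, and the secret is copied into a caller-owned buffer before termination, because the posted code's `passwordData[passwordLength]=0` writes one byte past the length the API reported. `copy_password` is a hypothetical helper, and the non-Apple typedefs are stand-ins assumed here so the handling logic can be built and tested off-Mac.

```c
#include <stdio.h>
#include <string.h>
#ifdef __APPLE__
#include <Security/Security.h>   /* link with -framework Security */
#else
/* Stand-ins (assumption of this example) so the handling logic builds off-Mac. */
typedef int OSStatus;
typedef unsigned int UInt32;
enum { noErr = 0, errSecItemNotFound = -25300 };
#endif

/* Hypothetical helper: copy a lookup result into a caller-owned buffer.
   Returns 0 on success, -1 if the lookup failed or the secret does not fit. */
int copy_password(OSStatus status, const void *data, UInt32 len,
                  char *out, size_t outsz) {
    if (status != noErr || data == NULL)
        return -1;                 /* failed call: data and len are not valid */
    if ((size_t)len >= outsz)
        return -1;                 /* keep one byte for the terminator */
    memcpy(out, data, len);
    out[len] = '\0';               /* terminate our copy, not the API's buffer */
    return 0;
}

int main(void) {
    char pw[256];
    int rc;
#ifdef __APPLE__
    const char *path = "/Library/Keychains/System.keychain";
    const char *keyname = "Eljakim";          /* key name, as in the comment above */
    SecKeychainRef kc = NULL;
    void *data = NULL; UInt32 len = 0;
    OSStatus st = SecKeychainOpen(path, &kc);
    if (st == noErr)
        st = SecKeychainFindGenericPassword(kc, 0, "", (UInt32)strlen(keyname),
                                            keyname, &len, &data, NULL);
    rc = copy_password(st, data, len, pw, sizeof pw);
    if (data) SecKeychainItemFreeContent(NULL, data);  /* release the API's buffer */
    if (kc) CFRelease(kc);
#else
    rc = copy_password(errSecItemNotFound, NULL, 0, pw, sizeof pw);  /* constructed miss */
#endif
    if (rc != 0) {
        fprintf(stderr, "lookup failed; nothing to print\n");
        return 1;
    }
    printf("Password: (%zu) %s\n", strlen(pw), pw);
    return 0;
}
```
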

  17. I just thought I would mention that you can do the same thing with applescript… no need for writing c code (and downloading XCode) in this case.

    tell application "Keychain Scripting"
        set x to keychain "System.keychain"
        tell x
            set y to every key whose name is "Enter your key name here"
            password of item 1 of y
        end tell
    end tell

    The airport key will display in the applescript results “tab” as a hex encoded string. You can use that as is when trying to access your wireless network. Just select the proper menu item (something like “40/128 bit hex”) when you connect.

    Just thought that would be easier.
