Child pages
  • Keychain Behavior
Skip to end of metadata
Go to start of metadata

This page is intended for notes on testing the various iterations of password changes and related issues.. -BRG

Clicking the username shortcut (under Places) takes 7 seconds to load and does not seem to use keychain, even when you tell it to. The password does seem to successfully be housed in Keychain. (In my testing, even if you tell it to store the password in keychain, it will keep asking you for it.)

The following items aren't meant to be real documentation, just preliminary notes.  Someone with better software can take better screen shots for the pre-desktop screens below.

Changing uLogin password from iChain

  • Keychain stays unlocked if the user is already logged into the machine
    • This should behave the same way whether the computer is on or off campus when iChain is used to change the password
    • If you're on campus, the new password won't affect the computer until a reboot
  • User can add stuff to keychain
  • After reboot (or the first boot on campus), you CANNOT log in with the new password and you CAN log in with the old one for ~30 seconds
  • Once you do authenticate with the new credentials, you get two windows
    • First:
    • "Continue log in" should log you in, leave the keychain locked, and bring the message up next login.
    • "Create New Keychain" should erase the existing keychain and create a brand new one.
    • "Update Keychain Password" updates it to the new password, this is the one you want obviously.
    • When you choose Update, you get this:
    • Type in the old password once, and you're done, it uses the new one from there on out.

Changing password from Mac via System Preferences ON CAMPUS

System Preferences > Accounts

  • Asks to change you keychain password, and as long as keychain is unlocked it works.
  • No Keychain trigger because it's not needed.
  • Does change the actual uLogin password (can log in elsewhere)
  • No delay on next login

If the user is on campus, this should be the recommended mechanism to change passwords since it does everything at once.

Changing password from Mac via System Preferences OFF CAMPUS

Interestingly, it won't let you do this.  You get the following error:

In any of the above cases, we're just talking about keychain access itself. If a user stores their ulogin password in keychain manually (for websites or whatever) I THINK they have to manually change it.

My original email to Krista and Marissa

Keychain is enabled by default, but will only store the passwords you instruct it to. In an enterprise computing environment you have to be careful with Keychain, because if you do not know your Keychain password the entire contents of the Keychain will be irretrievable (so you would have to know all your passwords to re-enter them). Since you are logging into your Mac with your uLogin information, your uLogin password is also your Keychain password. When you change your uLogin password (at least every 180 days), you must manually update your Keychain password from your old uLogin password to your new one. If you are not on campus around the time of a password change, continue logging into both your computer and Keychain with the old password until you return to campus. The first time you log into your computer while connected to Drew's network after changing your password from off campus, use your new uLogin credentials. This will update the cached credentials on your computer, and you should now update the Keychain password manually.