System.keychain rejects password

Similar Messages

• Keychain rejects password, even though it is correct (I'm 100% sure of it).

  After trying to open my backed up os 9.2.2. keychains in the OS X Tiger iteration of Keychain access but seemingly being unable to (it asked to add the certificates to the keychain, which I did, but nothing was actually added and import doesn't work either), I decided to use classic instead.
  When classic was running I opened keychain access, opened the selected the keychain, and it asked for the password. All good so far. Now I know the password to these keychain files. It's a simple password and easily remembered. I have entered it thousands of times over the years I used OS 9, it always worked. Well it did when I was booting from OS 9. When I enter the password however in classic, it fails saying the password is incorrect.
  All three keychains I have fail with a wrong password error. But this simply cannot be because I am absolutely 100% sure the password I am entering is 100% correct. I'm not entering it with caps lock on or anything, I even made sure I was typing it correctly by typing it in a text file. Keychain access simple refuses to open the files. It says the password I'm entering is wrong, but it isn't.
  Is there anything I can do to rectify this problem? I have tried erasing the preferences, then restarting classic, but it makes no difference. I tried making a new keychain with exactly the same password and that worked fine. It just doesn't like the old keychain files for some reason.
  I can no longer boot into OS 9 either, not without doing a complete reinstall anyway which I'm not willing to do. Something is wrong somewhere but I don't know what. Anyone have any ideas? I'd appreciate it. In fact, it'd be much better if I could actually get the keychain to work with the OS X version of keychain access but I guess this is the wrong forum for that question.
  Message was edited by: Xandros

  I fixed it myself, I just used my backed up OS 9 system folder to start Classic and then I was able to enter the password and access the keychains. Why the newer system folder that came with OS X didn't work is beyond me.

• System Keychain Password

  After some security issues I wanted to do some deleting/updating of passwords.
  My System Keychain holds passwords for my wireless networks, however , the password I enter after the prompt is not recognised.
  I did a Keychain firstaid and all is well?
  Any suggestions?

  You can't unlock the system.keychain - the password is known only to the system. If you need to remove items from it, open Terminal and type:
  sudo systemkeychain -vfcC
  This will create a new, blank system keychain.
  The options are documented here:
  http://darwinsource.opendarwin.org/Current/security_systemkeychain-11/src/system keychain.cpp
  Once you have recreated the keychain, you can test if it unlocks properly with:
  systemkeychain -vt
  The options used above are:
  -v = verbose
  -f = force
  -c = create if needed
  -C = setup system
  -t = test unlock

• The System.keychain Conundrum:  THE REAL SOLUTION.

  Symptom: After applying an update or some kind of instance where a shutdown occurred, upon rebooting, Mac OS X will demand a password for System.keychain. No password will ever work, not even root.
  I had this happen to me and no one anywhere seemed to know how to fix it except for temporary workarounds that really didn't work.
  First off, let me tell you what WON'T work as a solution:
  1. Deleting offending AirPort network passwords in System.keychain - All you're doing is making OS X forget the passwords of those base stations in your Preferred Networks list (Network Preferences). If you attempt to put the passwords back and apply the changes, OS X will again demand the password for System.keychain.
  2. Keychain First Aid - It will think that nothing is wrong with System.keychain, so as long as it is there.
  3. Repair Permissions - Everyone believes that repairing permissions is the cure-all method for any problem with Mac OS X. It won't work because it already has the correct permissions (root:admin 755).
  4. Deleting System.keychain itself - You won't ever get it back, and any base station added to your list of trusted networks will not have its password saved. Sure, it may save for YOUR login.keychain, but what if you have multiple users?
  5. Replacing System.keychain with another from a known good system - This doesn't work either, and I'll explain why a little later.
  6. Deleting /Library/Preferences/SystemConfiguration/com.apple.airport.preferences.plist - That has nothing to do with the problem.
  7. Duplicating your login.keychain and renaming it as System.keychain - Sure, you'll be able to unlock it with your admin password, but that doesn't solve the problem.
  No one - not even from Apple themselves (phone reps and store Genius
  Bars) - knew how to fix this issue. Google or search the discussion boards all you want; you'll be wasting your time as no one really seems to know what the problem is and have employed one of those seven methods.
  NOW FOR THE SOLUTION...
  WARNING: This assumes that you are competent with the command line AND you have a working copy of OS X somewhere else nearby, preferably on an external disk partition. I'm not going to explain the basics of using the Terminal or how to access both of your systems at the same time. If you are afraid of screwing up, simply reinstall Mac OS X and say a few prayers that it will fix itself (assuming that another Software Update won't mess it up again).
  The problem lies with a file deep in the bowels of OS X. It's /var/db/SystemKey. What it does is that it tells Mac OS X how to unlock the system keychain. It only knows the System.keychain specific to the computer, so if you import another System.keychain as a replacement, SystemKey won't know how to unlock it and you'll keep getting the annoying dialogs prompting for System.keychain's password.
  So without further ado, this is how to stop the annoying dialogs once and for all:
  1. AS THE ROOT USER, you will need to copy over /var/db/SystemKey from a known good system to your problematic system. Make sure that you preserve the permissions (0400). It is advisable that you are NOT booted from your problematic system.
  2. If you have a good System.keychain, copy that over to /Library/Keychains on the problem system. If you accidentally deleted System.keychain, you can execute the following (again AS ROOT):
  /usr/sbin/systemkeychain -C -f
  This creates a new, working, empty System.keychain and effectively overwrites the old keychain.
  3. Reboot to your system. You will be presented with different, more familiar (Change, Change All) dialogs. If you had any passwords saved in your list of preferred networks, just put them back in.
  Best of luck.

  A method that worked for me (and many others):
  Delete the wireless router entry from the System keychain (do not just delete the password). The entry will automatically get re-created from the similar entry in the login (user) keychain. This solution was posted here within a few days of the release of 10.4.3.
  bd

• Loading a Machine Certificate into System Keychain

  Does anyone know how to load a machine certificate (with a private key) into the System keychain?
  I can load the certificate if it doesn't have a private key, but then Internet Connect won't recognize it as a valid machine certificate. It seem Internet Connect only looks in the shared System Keychain for certificate for the L2TP over IPSec certificate authenticated protocol.
  I tried manually loading a Keychain that had a machine certificate in it already, but I ran into the old problem of the System Keychain requesting a password that nobody knows and when racoon tries to get the certificate from the System keychain it can't and fails.
  mtennes@asher:>>sudo /usr/sbin/systemkeychain -v -t
  Testing system unlock of /Library/Keychains/System.keychain
  (If you are prompted for a passphrase, cancel)
  System unlock is NOT working
  If I create a fresh System keychain that can be unlocked automatically I can't load a valid machine certificate with a private key into the System keychain, I can however load that same certificate into any keychain I create or event the X509Anchors keychain, but of coarse Internet Connect doesn't look there.
  mtennes@asher:>>sudo rm -rf System.keychain
  mtennes@asher:>>sudo /usr/sbin/systemkeychain -v -C
  /Library/Keychains/System.keychain installed as system keychain
  mtennes@asher:>>sudo /usr/sbin/systemkeychain -v -t
  Testing system unlock of /Library/Keychains/System.keychain
  (If you are prompted for a passphrase, cancel)
  System unlock is working
  Any ideas?
  PowerMac G5 2.7GHz DP   Mac OS X (10.4.6)   thawte Web Of Trust Notary

  How about using
  sudo systemkeychain -v -k /Library/Keychains/System.keychain -C "password"
  where “password” is the new keychain password that you want to give to the System keychain?
  That way you should be able to unlock the System.keychain to add whatever you need to add to it, because now you know the password.
  Ronald

• Should the passwords in 'System keychain' (in Keychain Access) normally be accessible to the owner/administrator?

  Should the passwords in 'System keychain' (in Keychain Access) normally be accessible to the owner/administrator or not?
  If not, would it be possible to gain access via the Root Account?
  I can access the passwords in 'Login keychain' (in Keychain Access). But when I try to access the passwords in 'System keychain' I'm asked for the Keychain Access password! I've never set such a password. I've only ever used one password - my owner/administrator password. But this isn't accepted when I try to access the passwords in 'System keychain'.
  Please note, this question was previously posted in the OSX Tiger forum but no-one offered an answer
  Thanks,
  iHope

  Seems this is a characteristic of the system keychain.
  Check out this thread...and furtwanglerian's response....
  http://discussions.apple.com/thread.jspa?messageID=8767033&#8767033
  closed

• What is the system keychain password?

  Every single time I logon to my PB12, an alert pops up asking me for the system keychain password. I have tried the only password on this system but it tells me that is invalid.
  I click cancel and everything works fine. It is 'Airport' that is causing it to ask, becuase until I click cancel airport remains inactive.
  Why is it asking for the password?
  Why won't it accept the only password I have on this system?
  Why does it ask, when clicking cancel makes it work fine anyway?
  What a pain in the (bottom) this is.

  I have a similar problem myself. I can unlock the "System.keychain" keychain, but if I want to move items around, it asks me for the password again.
  When I press the unlock button, it asks for the password for my full user name. And that one works, the keychain unlocks. But an unlocked keychain doesn't really let you do much administration on it. You must enter its password for any administration tasks. And that's when I get stuck: the system doesn't accept any password I know of, not even the empty password.
  But I can delete items. So I can delete the item, then recreate it in the other keychain.
  It seems like the system keychain is like a group, that can contain references to keys so that the whole system can use that key. But is it really like this, or is a copy of the key created, when a key automatically gets into the sytem keychain (like the airport keys)?
  PowerBook 12" Mac OS X (10.4.4)

• Can I remove all but the last "Mac OS X Server certificate management" application password from my System Keychain?

  I am slowly nursing a broken Montain Lion Server back to health. The problems started with a name change days ago then went sour, probably because of some stuff in the keychain that tripped the commands up.
  I have now a trusted Root CA in my System Keychain which has signed my wildcard Certificate for my domain and all my services are protected by this wildcard certificate. Creating and installing that certificate helped me back (slowly) but there are still problems to solve
  I also have set the com.apple.servermgrd identity preference to this (now trusted) wildcard certificate a few minutes ago
  I am busy cleaning as much as possibe of junk from my Keychains to improve stability, of course without damaging things (I hope)
  There are 19 "Mac OS X Server certificate management" application passwords in my System Keychain.
  12 are from 9 days ago when I installed this clean OS X Mountain Lion Server for the first time, created within a minute during server install.
  1 from 6 minutes later, maybe when I turned on a Service
  2 are from that day, but 2 and 3 hours later (also probably because of something I did in Server.app, like enabling a service)
  1 from 2 days later (probably when I tried to change the server name/domain)
  1 from again 5 days later (probably when I tried to change the server name/domain again)
  1 from yesterday, when I changed the servername
  1 from today, when I changed the server name again.
  What are these application passwords for and can I safely remove all but the last one? What are they for?

  I went ahead and remove them a month ago. So far, there don't seem to be any issues. As long as you double-triple-check that the hash-number in those "Mac OS X Server certificate management" keychains _aren't_ in the filename of any of the *.pem files in the /etc/certificates folder, you can delete those orphan keychains.

• Comcast POP Server Rejecting Password & Now Dysfunctional (Keychain?)

  I'm starting a new thread because a related topic "POP server rejecting password" is marked answered, but for Charter, which solution will not work with Comcast. Comcast has advised that some problems are stemming from internal changes (commencing near the end of November 2007) mandated by the FCC to improve security. But, given that I can access the Comcast email account remotely via my Treo Smartphone (using Sprint), and via Comcast Webmail, makes me think that my Mac (OS 10.4.8) and/or Mail application may also be culpable.
  I specifically am having a problem with a Comcast email POP server, but not two other POP inboxes hosted by another, unrelated ISP, also managed by Mail.
  When I open Mail, the Comcast mailboxes (both inbox and sent) are grayed out with a ~ next to them--I've never seen a ~ before. The other two mailbox pairs (the non-Comcast ISP) work normally. Selecting Mail's Connection Doctor produces the results: "Connection and login to server succeeded" for the Comcast POP and "Connection to server succeeded, no login required" for the Comcast SMTP--no difference when compared with the results for the other, non-Comcast ISP mail accounts. This is notably different from posts in the other thread.
  Historically, I'd occasionally (perhaps monthly or so) get the popup request "Enter Password for Account..." Comcast previously conveyed that such treatment is normal. I perhaps could have alleviated this by adding the response to the keychain, but never bothered. Problems began yesterday when typing in the correct password resulted in the same request, repeatedly without end.
  Called Comcast tech support (three times now), verifying that the Mail application is set up OK. They acknowledged that they were experiencing some server outages, but that was unlikely the issue since I could access such via Comcast webmail. Of course, they referred me to Apple--my Mac "had to be the problem."
  The other topic suggested, perhaps, that keychain was at fault. So, using the Keychain Access utility, deleted all items. I was motivated to do this anyway based on speculation last week by the Trash It scriptware developer that I may have keychain corruption, as regarded another, hopefully unrelated problem, now resolved, having to do with attempting to eliminate "localized.rsrc" files from the trash via the Terminal command "sudo rm -R ~/.Trash/*" returning the error "...(my formal user account name) is not in the sudors file."
  Pulling my hair out on this one.

  Comcast fixed the problem they were having with their server(s). No explanation, of course. Guess the problem was theirs entirely--no fault on our side.
  Thanks David for your insight on what the (~) meant. Tried going online, but upon Mail checking, the affected mailbox immediately again went back offline--at least until Comcast fixed its end.
  As regards the POP servers, yes I suspect there are intervening servers (PoP or otherwise) between users and the underlying database holding the email. All Comcast would acknowledge is that customer service representatives access the same customer email repository as do individual customers themselves, whether by POP or Webmail (Duh).

• OS X keeps asking for System keychain password in order to do 802.1X authentication

  In order to join a corporate WLAN that uses WPA2 with 802.1X / EAP-TLS, I added the company's root certificate to the System keychain and set the trust level to always trust this certificate. I then added the client certificate that was issued for my computer. I set the trust level to always trust this certificate as well. Finally, I added the WLAN network, choosing Security: WPA2 Enterprise, Mode: EAP-TLS, Identity: the newly added client certificate, and username: the domain name of my computer. This setup works - I can connect to the WLAN network.
  My problem is that the system always asks me for the System keychain password before the WLAN connection can be established. This seems to be during the 802.1X authentication phase. What do I need to change so that this is not required? Or how can I at least find out which System keychain item it is that cannot be accessed without the password?
  Im using a MacBook Pro with OS X 10.10.1, but I also had the problem back on 10.9.
  If I remember correctly it started whenI received a new client certificate in the summer. But I am not able to say what I might have done differently with the old certificate so that the password was not required back then.

  i'm having the same problem at home. i had problems with my keychain before, because i deleted the system keychain. i recently learned how to replace it, which worked. however, my computer is not remembering the password to my home wireless connection. even when i put the computer to sleep and wake it, it becomes disconnected and never automatically re-connects. i have to again select my network and then re-enter the password, every time. how do i fix this ?
  +

• Airport password created in login and system keychain both..

  Hey,
  I've been having a few vexing problems with my new MacBook 2.16 running 10.4.6 that I was hoping that I might get solved on here. I've been unable to get my machine to use the airport password in the system.keychain. If it's not in the login.keychain, it doesn't work. I've tried deleting and re-creating the keychain using systemkeychain -vfCt and it still doesn't work. Anybody have any ideas? I'm downloading the Combo 10.4.6 updater to see if that corrects the problem. I've already tried to repair permissions.
  If I elect to save the password to an airport network, it is saved in both the login and system keychain and I'm not sure if this is the correct behavior.

  I've applied the 10.4.6 Combo updater, no affect upon the problems that I've been having with airport. It just won't seem to use a password stored in the system.keychain for some reason.

• TS1544 Changing system keychain password

  I've changed my login password in my keychain - to something more secure than the password hurriedly set up at purchase.. I am unable to change the system keychain password to match my new administrator/login keychain password. I have an admin account and my own user account, both with administrator privelages. Any ideas?

  Thanks baltwo
  To clarify, I only have one admin account, just changed the login keychain password and account password to be something more secure.
  Does this mean I have to delete/remove the admin user account to delete the sytem.keychain? or can I delete the system keychain only without having to rebuild a new account....If the latter, do I just find the MacintoshHD/Library/Keychains/system.keychain and delete? I can't imagine it's that simple.

• Change Change System Keychain Password

  I can unlock the system keychain but when I choose "Change Password for Keychain "System"..." it tells me "Sorry, you entered an invalid password"
  Why?

  You probably didn't create a password for your System keychain!!!
  Take a look at this: http://developer.apple.com/DOCUMENTATION/DARWIN/Reference/ManPages/man8/systemke ychain.8.html
  According to Apple, the System keychain normally doesn't have a known password and passwords to items in the System keychain are only unlockable by the system! It is possible to force creation of a new System keychain via the Terminal, and specify a password of your choice, but I'm not sure you really want/need to do that. If you think an item on the System keychain may have an old or unneeded password, you're always able to delete the item from the keychain. If it needs to be there, it'll get added again in the normal course of things...
  To repeat: Not being able to manually view the passwords stored on the System keychain is normal, expected behaviour.

• System keychain password not recognised

  I am trying to view some wireless network passwords via Keychain Access. I can access and view my user Keychain but when trying to view items listed under the System Keychain I am asked for a password, which when entered comes up an invalid. I can lock and unlock the System Keychain, but this password does not work when trying to unlock items within it.
  I am the only user on my computer and I have only one password...the one I use for my user account (which has admin status).
  I did have a problem a few months ago when I had to recreate my user account. I created another admin level user using a new name and then physically transfered all of the folders from the old user across to the new user. I then changed all of the access priveleges for the stuff I transfered. I can't understand how this could be effecting the current problem because both the old and new user accounts shared the same password.
  Having upgraded my computers over the years I have had to migrate a number of times, however, I have always used the same password.
  Why should the System Keychain have a different password to the admin level user on a computer with one user?
  Any thoughts.
  Kind regards

  Sorry you have not gotten a response for this problem. I found your post when searching for an answer to my problem, which turns out to be (it would appear) the same one you're experiencing.
  Password works great for my login, "invalid" for my "system" keychain. I can unlock my "system," but it will not let me use the same password to view the network password that is stored in "system."
  Keychain First Aid reports no problems.
  I'd love to delete the whole mess- a previous problem has resulted in me having two "system" and two "login" keychains- I spent hours on the phone with AppleCare several years ago trying to clear that up, but I have too many passwords stored in here to delete them all.
  I have the same number of items in both "system" keychains, and the same number in both "login" keychains. When I delete an item form one "login," both report having one less item. When I drag an item from another keychain to the "login" at the top of the list, it is the other one that is highlighted and accepts the item, but both then show the increased number of items.
  I don't know if this is related to the problem, or if it is just another complication to it, or if it has absolutely nothing to do with it.
  Hopefully someone has an answer that will make both Mr Badger and me happy.
  Thanks. Joel.
  17 Al 1.67   Mac OS X (10.4.8)  

• System keychain items not revealing password

  Hello,
  I cannot reveal/delete passwords in system keychain anymore. I installed Yosemite and I changed the username&homefolder for my admin account. When I try to access items, ticking on the Show Password box, it remains grayed out for a few seconds, then asking me for my admin username&password, and when I enter it the box is still not checked and it doesn't show anything.
  I tried the Keychain First Aid, resetting login keychain, but it doesn't change anything.
  I appreciate your help!

  Sorry you have not gotten a response for this problem. I found your post when searching for an answer to my problem, which turns out to be (it would appear) the same one you're experiencing.
  Password works great for my login, "invalid" for my "system" keychain. I can unlock my "system," but it will not let me use the same password to view the network password that is stored in "system."
  Keychain First Aid reports no problems.
  I'd love to delete the whole mess- a previous problem has resulted in me having two "system" and two "login" keychains- I spent hours on the phone with AppleCare several years ago trying to clear that up, but I have too many passwords stored in here to delete them all.
  I have the same number of items in both "system" keychains, and the same number in both "login" keychains. When I delete an item form one "login," both report having one less item. When I drag an item from another keychain to the "login" at the top of the list, it is the other one that is highlighted and accepts the item, but both then show the increased number of items.
  I don't know if this is related to the problem, or if it is just another complication to it, or if it has absolutely nothing to do with it.
  Hopefully someone has an answer that will make both Mr Badger and me happy.
  Thanks. Joel.
  17 Al 1.67   Mac OS X (10.4.8)