Mac OS X’s Keychain management: definitely not right

Posted by Pierre Igot in: Macintosh
October 17th, 2003 • 5:02 pm

A while ago, I wrote about the annoying fact that, after a system upgrade, Mac OS X would ask me to re-authorize programs such as Mail and Safari to access information stored in my keychain.

The same thing happened again when I upgraded to Mac OS X 10.2.8. People commented on the fact that this is justified because the applications (Mail, Safari, etc.) are updated themselves, and asking for my authorization again whenever an application is modified or updated is a safety precaution. In a way, Mac OS X is asking me to confirm that I trust Apple to have provided me with an application UPDATE that doesn’t raise safety issues regarding my private, Keychain-protected information.

I can understand this, even though I wish the interface for the re-authorization process would make this clearer (and more convenient).

But now I’ve just installed QuickTime 6.4 on my machine, which, as always with QuickTime, required a restart of the computer. I restarted it, relaunched Mail and Safari and — guess what? For both applications, Mac OS X asked me to re-authorize access to the keychain again.

Now why did it do that? I didn’t install an UPDATE that modified Mail or Safari. I just installed a QuickTime update. The Mail and Safari applications are, as far as I can tell, the same as they were before the update. There is, therefore, no reason for Mac OS X to ask me to re-authorize access to my keychain.

Yet it does.

It’s small details such as this one that make many users still feel that they don’t really control what their computer does with their information. I am fortunate enough to have a degree of experience with computers, and to know that such issues are just interface quirks. But what about users less familiar with computers? They are encouraged to use supposedly user-friendly features such as the Keychain, yet these features remain puzzlingly unintuitive in several respects.

4 Responses to “Mac OS X’s Keychain management: definitely not right”

  1. ssp says:

    Same answer as before, I suppose.

    QuickTime changed, the applications you mention link to Quicktime. Thus their prebinding will be updated as well.

    I guess googling around for ‘prebinding’ will reveal some more detailed information.

  2. Pierre Igot says:

    I guess it’s a case of technical issues getting in the way of the UI.

  3. Karl and Nancy Stoll says:

    Keychain headaches ongoing here with no end in sight …
    The following statement in the the article The Mac OS X Keychain Service <;
    is not true, I am so very afraid. “Users can have multiple distinct keychains, but every user starts out with a single keychain, considered that user’s default keychain. The name and password for this default keychain is the same as the user’s login name and password. This allows for that keychain to be automatically unlocked upon login.”
    My husband’s mac will not allow him to use the keychain. He has never done anything to it, but it is locked. His logon password does not open it. We are at wit’s end.
    We tried Keychain First Aid which did not help.
    We tried to reset the user & pw using the os X install cd and that failed to help either.

  4. Pierre Igot says:

    Did you try simply trashing the keychain file itself, logging out and logging back in?

    The file is in his home library, inside the “Keychains” folder.

    PS: I don’t recommend including email addresses in full view in your comments. Any address-gathering spam robot can pick them up and put you on spam lists. See my post today about this issue.

Leave a Reply

Comments are closed.