Hi David, Thanks for all of the information. I have had an account at work for about 35 years, so I am definitely an old timer. It's about time to change my password, so (as you suggested) maybe that will solve my problem. Thanks,
Gregg -----Original Message----- From: David Schwartz <da...@yesdavid.com> Date: Friday, March 30, 2018 at 10:04 PM To: "macosx-talk@omnigroup.com" <macosx-talk@omnigroup.com> Subject: Re: Local Items keychain asking for password So here's what I've experienced: On a Macintosh bound to an Active Directory server _and_ with an MDM profile that requires a passphrase that confirms to a particular recipe. The user(s) had been in this enterprise for a long time; over time the security team had tightened the requirements for new passphrases but allowed existing passphrases to remain valid. When the machines were updated to Sierra, the MDM profile requiring the new, stronger passphrases prevented the Keychain from being satisfied with the older, less secure passphrase. Might have been a bug with the MDM vendor, I don't know. The solution I used was to have the users change their passphrase to conform to the new security recipe. After that the machines behaved normally without keychain prompts. If your enterprise has an online form to change your directory passphrase, you might be able to test the theory by entering your existing passphrase in the "new passphrase" field and see if it's accepted (again, depending on the systems you have in place; a well designed system will give a failure message when you tab out of the field). Or you can just change your directory password to something that satisfies current enterprise policies and see if that solves your issue. The newer you are in your employment the less valid this theory, but that's none of my business. -david > On Mar 30, 2018, at 11:04 AM, Dinse, Gregg (NIH/NIEHS) [C] > <di...@niehs.nih.gov> wrote: > > At the bottom of the Login Options panel, there is a line that I don't > remember seeing before. It says "Network Account Server" with an entry for > NIH and a green dot, so I'm guessing that my machine is bound to a directory > server, as you suggested. > > Is this requirement to provide a password just the cost of doing business > this way? I doubt that I am allowed to change this. > > Thanks, > > Gregg > > On 03/30/2018, 1:59 PM, "David Schwartz" <da...@yesdavid.com> wrote: > > Yes there is. > > System Preferences->Users & Groups->Login Options. > > If you don’t use the same login and password to log into other Enterprise > resources (servers, web apps, etc) then it’s probably not. > >> On Mar 30, 2018, at 10:55 AM, Dinse, Gregg (NIH/NIEHS) [C] >> <di...@niehs.nih.gov> wrote: >> >> It certainly could be, but I do not know how to check. Is there a simple >> way to check this? >> >> On 03/30/2018, 1:53 PM, "David Schwartz" <da...@yesdavid.com> wrote: >> >> Is your machine bound to a directory server? >> >>> On Mar 30, 2018, at 10:51 AM, Dinse, Gregg (NIH/NIEHS) [C] >>> <di...@niehs.nih.gov> wrote: >>> >>> Hi, >>> >>> I am running MacOSX 10.12.6 (Sierra) on a mid-2010 Mac Pro tower. I >>> recently upgraded from 10.10 to 10.12 and my problem started about that >>> same time, though this is on my machine at work, so I don't know if this is >>> related to the OS upgrade or some other change that the IT folks may have >>> implemented. >>> >>> Now when I start up Safari, I often get a panel that pops up and says >>> "Safari wants to use the Local Items keychain" and requires me to enter a >>> password. This never happened until recently. It's not a big deal to >>> enter a password, but I'm curious about why this is now happening and I >>> would prefer to not have to enter a password (about half of the time I >>> start up Safari). Does anyone know what is going on and how to fix this? >>> >>> Thanks, >>> >>> Gregg _______________________________________________ MacOSX-talk mailing list MacOSX-talk@omnigroup.com http://www.omnigroup.com/mailman/listinfo/macosx-talk