6

After upgrade to OS X El Capitan I keep having problems with the keychain (such as needing to enter the keychain password every time an app wants to access the keychain, even though auto lock settings are off, and Keychain Access app shows it's unlocked already).

In Keychain Access app whenever I try to run Keychain First Aid on my login keychain I get this:

Verification started
Checking keychain configuration for kornel (user ID=501)
Home directory is /Users/kornel
Checked login keychain
Checked settings for ~/Library/Keychains/login.keychain
Keychain can't be unlocked automatically. Please attempt to unlock ~/Library/Keychains/login.keychain from Keychain Access.
Checked default keychain
Checked contents of ~/Library/Keychains/login.keychain
No problems found
Verification completed

The problem is that my keychain appears to be unlocked already, and starting the First Aid locks it.

How can I stop the keychain from locking itself? Or rebuild it without losing saved passwords?

Kornel
  • 1,325
  • 1
  • 13
  • 20
  • Not really an answer, but this is based on a weird personal experience... Check who the owner of the keychain file appears to be. It should be you, yet it can manage to get itself set to root. If you chown it & reboot, it will go back to root, but in the meantime you might be able to get it to behave. Once you do, then it will stop reverting to root. [This was on Yosemite... idk how SIP is going to mess this up even more] – Tetsujin Oct 08 '15 at 07:25

4 Answers4

3

I've found the culprit: Junos Pulse VPN software (5.1) breaks the keychain and system CA certificates in OS X 10.11.

I've deleted Junos Pulse completely, and the system is happy now.

Kornel
  • 1,325
  • 1
  • 13
  • 20
  • What did you do to deleted it completely and did you have to do anything to repair the keychain/system CA? I have resorted to single-user mode to remove from /Applications but still have the same error and inability to unlock some preference pages. – Sam Brightman Oct 12 '15 at 13:23
1

Happening to me a well. However, I've never installed any app call Junos Pulse VPN. Tried deleting my keychain and even starting from scratch and same issue persists. Just started happening the other day and now I can't access most apple apps such as Software Update, iTunes, iBooks etc because without keychain working everything is broken.

TechRemarker
  • 111
  • 3
0

I saw something like this back in 10.6 or 10.7 for a single user, hopefully this will help.

  1. Go into Keychain Access.
  2. From the Edit menu, Choose Keychain Settings (Make sure Login keychain is selected).
  3. Check the "Lock after xx minutes of inactivity" is not turned on, or alternatively is a reasonable (eg. Make than 5 minutes) amount of time.
  4. Save the setting

Also check the Keychain Preferences, particularly:

  • Synchronize Login Keychain password with account

  • Set login keychain as default (should be checked)

    • Benjamin
Benjamin Schollnick
  • 4,409
  • 18
  • 19
0

My IT folks think Pulse 5.1.5 might fix this. I reset the keychain and un-installed the older version of Pulse when it broke the keychain. With the new Pulse 5.1.5 I can now log into the VPN. However, I still get the "Keychain can't be unlocked automatically. Please attempt to unlock ~/Library/Keychains/login.keychain from Keychain Access." error.

scidoc666
  • 1