<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div>There is a command called "security" that I've bumped into that modifies keychains; an answer may lie within it.</div><div><br></div><div>The PyMacAdmin project is also working on a tool to work with Keychains; the source appears to be at <a href="http://code.google.com/p/pymacadmin/source/browse/trunk/lib/PyMacAdmin/Security/Keychain.py">http://code.google.com/p/pymacadmin/source/browse/trunk/lib/PyMacAdmin/Security/Keychain.py</a> . The project is still in its early stages.</div><div><br></div><div>Cheers,</div><div>Clinton Blackmore</div><br><div><div>On 2-Apr-09, at 8:03 AM, Miles Leacy wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">A logout policy will do the same thing, you'll just need to use the explicit paths rather than the relative ones.<br clear="all"><br><br><br> <br><br><div class="gmail_quote">2009/4/2 Eric Young <span dir="ltr"><<a href="mailto:eyoung@thayer.org">eyoung@thayer.org</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"> <div style="word-wrap:break-word">Rats now I need to dig into logout hooks.... the simplest answers always lead to more reading :-)<div class="im"><br><div> <span style="border-collapse:separate;color:rgb(0, 0, 0);font-family:Helvetica;font-size:14px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><div style="word-wrap:break-word"> <div><div><div><div><div><br><br></div><div><br></div><div>--------------------------------------------------------------------------------------------</div><div>I must not fear. Fear is the mind-killer. </div><div>Fear is the little-death that brings total obliteration. </div> <div>I will face my fear. I will permit it to pass over me and through me. </div><div>And when it has gone past I will turn the inner eye to see its path. </div><div>Where the fear has gone there will be nothing. </div><div> Only I will remain. </div><div>--Bene Gesserit Litany (Frank Herbert)</div><div>--------------------------------------------------------------------------</div><div>Eric Young</div><div><a href="mailto:eyoung@thayer.org" target="_blank">eyoung@thayer.org</a></div> </div></div></div></div><br><br></div></span> </div><br></div><div><div></div><div class="h5"><div><div>On Apr 2, 2009, at 8:49 AM, Criss Myers wrote:</div><br><blockquote type="cite"><span style="border-collapse:separate;color:rgb(0, 0, 0);font-family:Helvetica;font-size:14px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><div style="font-variant:normal;margin-top:4px;margin-bottom:1px;margin-left:4px;line-height:normal;margin-right:4px"> <div style="margin-top:0px;margin-bottom:0px"><font face="Lucida Grande" size="3">Hi</font></div><br><div style="margin-top:0px;margin-bottom:0px"><font face="Lucida Grande" size="3">Yes i use a logout.hook to delete the keychain, this solves the problem,</font></div> <br><div style="margin-top:0px;margin-bottom:0px"><font face="Lucida Grande" size="3">The login keychain is unlocked at login so if the user changes the password after login this has no effect on the keychain, then delete the keychain at logout so that next time the user logs in a new chain is created with their new password,</font></div> <br><div style="margin-top:0px;margin-bottom:0px"><font face="Lucida Grande" size="3">add this to your logout hook</font></div><br><div style="margin-top:0px;margin-bottom:0px"><font face="Lucida Grande" size="3">################################</font></div> <br><div style="margin-top:0px;margin-bottom:0px"><font face="Lucida Grande" size="3">#Delete the Users Keychain</font></div><br><div style="margin-top:0px;margin-bottom:0px"><font face="Lucida Grande" size="3">echo Removing keychain</font></div> <br><div style="margin-top:0px;margin-bottom:0px"><font face="Lucida Grande" size="3">rm ~/Library/Keychains/login.keychain</font></div><br><br><div style="margin-top:0px;margin-bottom:0px"><font face="Lucida Grande" size="3">#record this will a log file</font></div> <br><div style="margin-top:0px;margin-bottom:0px"><font face="Lucida Grande" size="3">touch ~/Library/Login/Reset.rft</font></div><br><div style="margin-top:0px;margin-bottom:0px"><font face="Lucida Grande" size="3">echo "Done"</font></div> <br><br>Criss Myers<span> </span><br>Senior Customer Support Analyst (Mac Services)<span> </span><br>Apple Certified Technical Coordinator v10.5<span> </span><br>LIS Business Support Team<span> </span><br>Library 301<span> </span><br> University of Central Lancashire<span> </span><br>Preston PR1 2HE<span> </span><br>Ex 5054<span> </span><br>01772 895054<br><br></div></span></blockquote></div><br></div></div></div><br>_______________________________________________<br> Casper mailing list<br> <a href="mailto:Casper@list.jamfsoftware.com">Casper@list.jamfsoftware.com</a><br> <a href="http://list.jamfsoftware.com/mailman/listinfo/casper" target="_blank">http://list.jamfsoftware.com/mailman/listinfo/casper</a><br> <br></blockquote></div><br> _______________________________________________<br>Casper mailing list<br><a href="mailto:Casper@list.jamfsoftware.com">Casper@list.jamfsoftware.com</a><br>http://list.jamfsoftware.com/mailman/listinfo/casper<br></blockquote></div><br>
</body></html>