Q&A: Locking keychain

Q Every time that my MacBook4,1 13″ starts up, it warns me that AppleIDAuthAgent wants to use the “login” keychain, and I have to enter my password. I get a similar prompt when starting Mail. Changing the settings in Keychain Access has not helped this. Although not a show-stopper, this is quite a nuisance. How can I fix it?

A You are seeing this prompt because the ‘login’ standard user keychain is being automatically locked for you.

This could be the result of a third party application messing with the keychain. Some apps purporting to help with security or to clean your Mac can do odd things like this, particularly if not kept up to date. A quick way of disabling many of them is to restart with the Shift key held down, to see if that affects it. If it makes the behaviour go away, you will then need to turn detective to work out which utility is to blame.

Some authentication problems like this were reported in those with old .mac or .me accounts after upgrading to iCloud. These should vanish if you turn iCloud off.

You may also spot clues if you restart, authenticate as prompted, then browse your logs using Console: the reason for the authentication prompt may be given there.

A common cause of any preference settings not behaving properly is a corrupt preference file, in this case com.apple.keychainaccess.plist in your ~/Library/Preferences folder. Try moving that file into another folder, such as ~/Documents, and restarting. When you set Keychain Access controls on the login keychain, they should now stick properly, and you can then trash the old, moved preferences file.

If none of these tricks gets you any further, there could be a problem left from the last OS X update. If running an older version of OS X, it is always worth downloading and installing the latest Combo update to see if that fixes the problem. This had become something of a universal panacea, and sometimes works. However with more recent versions of OS X, the nearest equivalent is to re-install OS X, which is a more substantial undertaking with dubious returns.

The final option to pursue is that your keychain has become damaged. If repairing it using Keychain Access does not help, you could try creating a new keychain, copying and pasting the contents of the login keychain to that, and swapping in the new keychain. Do that by moving your old login keychain out, and renaming the new one to read ‘login’.

Comments Further details of keychains are in this article.

Updated from the original, which was first published in MacUser volume 28 issue 13, 2012.