Posts Tagged ‘keychain’

TelePort NFS Home Directory

Posted in Mac OS X, Solution on 01/11/2008 03:59 pm by jmccune

TeleportI usually compute with n-tupel of Mac computers sitting in front of me. I have a strong aversion to clutter, despite the state of my apartment, and the power of Teleport providing seamless, encrypted keyboard sharing, a-la so called “soft KVM” utilities is a killer app for me.

Alas, I’ve found that Teleport does not work as expected when operating from an NFS Mounted Home Directory.

Trying to connect to my Laptop, nutburner (Yes, nutburner is the given name of my first generation MacBook Pro), I received the following error.

Teleport Keychain Access

UNKNOWN wants permission to sign using key “privateKey” in your keychain. Do you want to allow this?

On a working host, e.g. two machines with file vault home folders, that “UNKNOWN” will actually display as “teleportd”. I suspect whatever logic Apple is using to verify the authenticity of program binaries doesn’t work as expected over NFS.

After clicking “Always Allow” twice, I get the following error:

Teleport Connection Error

I synchronize my login.keychain, so the private key and certificate are identical between these two hosts, leading me to believe a certificate algorithm mismatch is unlikely.

In any event, my solution was to simply redirect the teleport.prefPane to a local HFS+ volume using a symbolic link.

# /Scratch is a local HFS+ volume.
mkdir -p /Scratch/mccune/Library/PreferencePanes
mv ~/Library/PreferencePanes/teleport.prefPane \
  /Scratch/mccune/Library/PreferencePanes/
ln -s /Scratch/mccune/Library/PreferencePanes/teleport.prefPane \
  ~/Library/PreferencePanes/teleport.prefPane

Once teleport.prefPane resided on a local HFS volume, everything “just worked” perfectly.

As an alternative, you could deploy the prefPane to /Library/PreferencePanes to make teleport available to all users of the system.

 

Show Password from System keychain

Posted in Mac OS X, Solution, System Administration on 10/08/2007 07:07 am by jmccune

Keychain UnlockedI tried retrieving the password for a wireless network I’d joined sometime in the past. To do this, I went into Keychain Access, selected the System keychain, and asked it to Show Password for the networking in question.

As it turns out, the system keychain is protected with a shared secret which I believe is maintained in /var/db/SystemKey. This is a binary file, so it’s not very easy to pull out the password in a form that can be entered in the dialog box Keychain Access presents.

As a work around, I found a nice hint [1] that uses Keychain Scripting to copy the password to the clipboard. Here’s the Apple Script I’m using. Please not that the first character of a WEP key appears to be $, which should be discarded.

display dialog "What key?" default answer ""
set theKeyName to the text returned of the result
tell application "Keychain Scripting"
	tell keychain "System.keychain"
		set theKeyList to every key
		repeat with k in theKeyList
			if the name of k is theKeyName then
				set TheKeyValue to the password of k
			end if
		end repeat
	end tell
end tell

set the clipboard to TheKeyValue

display dialog "Copied " & length of TheKeyValue & " chars to clipboard." with icon note buttons {"OK"} default button "OK"

[1] 10.4: AirPort and System.keychain password solution