Comments on: Keychain Access From Shell

By: Lord Anubis

Lord Anubis — Thu, 31 Dec 2009 23:57:40 +0000

Hi,

Thanks for the explanation, but I'am looking for a way to get a system key. Do you know how to get that working, I have no clue how to do that.

Thanks in advance

By: cube

cube — Fri, 20 Feb 2009 00:34:15 +0000

you want service: instead of where:

cheers!

By: Mark

Mark — Tue, 08 Jul 2008 02:00:12 +0000

@ Drew, Have had limited luck with that. Looks like this: tell application "Keychain Scripting" Make new key with properties {Name:"network name", Kind: "AirPort network password", where: F0413E9D-10F0-4968-8D58-F372AA6054C3, password:"password"} end tell

It doesn't like the 'Where' item - which i assume is the SSID or something of the network (These properties are pulled out of keychain access). WHen i remove 'where', it compiles ok, but when run it says "Can't make class key'. Where am I going wrong?

By: drew

drew — Mon, 07 Jul 2008 20:34:25 +0000

@ Mark, You would be better off using Keychain scripting via Apple Script to create the key. something along the lines of Make new key with properties …

Then distribute it as an app and run via Remote Desktop, and remove it since it can recreate the password keys on any mac, it's a potential security risk.

By: Mark

Mark — Mon, 07 Jul 2008 02:29:04 +0000

Hi – been a while since a post – but im looking to ADD a new item to the keychain through the security command – to be pricise a wireless password. We have 400+ MBP's and our wireless credentials will change – we want to be able to roll out the wireless password to all these users without having to distribute passwords/get them to do it. ANyone have any idea how we could do this through the 'Security' command?

By: Christian

Christian — Tue, 22 Jan 2008 01:00:40 +0000

You can also trim the ruby part and do with pure shell (bash needed):

pwline=$(security …) # read the pw pwpart=${pwline#*\"} # strip the leading quote echo ${pwpart%\"} # strip the trailing quote

This won't help with the hex encoding though.

By: Ian Boardman

Ian Boardman — Wed, 02 Jan 2008 20:37:19 +0000

At least for me, in remote login, even after unlock is performed, still get "User interaction is not allowed." I'm running the latest version of MacOS 10.4.

By: Stefan

Stefan — Wed, 21 Nov 2007 08:31:16 +0000

@Matthew: When using via SSH you have to unlock the keychain first in the script or else with: security unlock-keychain -p ' '

By: Shell Account

Shell Account — Tue, 29 May 2007 09:53:40 +0000

Great scripts! Thanks Allan.

By: paul

paul — Tue, 16 Jan 2007 09:33:58 +0000

I'm writing to verify the security: SecKeychainFindGenericPassword: User interaction is not allowed. bit. Also, this page is the only hit in google for

security find-generic-password "User interaction is not allowed."

The app needs a console user, which doesn't make sense for a commandline app, but we work with what we got.