Some Macs at Lehigh are configured to accept Lehigh passwords for login, that is, they are bound to the Lehigh Active Directory domain similar to Windows-based PCs. This is handy for shared systems, but creates some extra work when Lehigh account passwords are changed. The MacOS stores users' website passwords, wifi passwords, and file server passwords in a database file called a 'Keychain'. Normally, this file is created when the user first logs into their account on the Mac, and it is encrypted and secured with the password that the user entered to log in. At Lehigh though, user account passwords must be changed on a regular basis.
When a Lehigh user changes their password, they will be able to log into the Mac using the new password, but the password in the keychain file on any individual machine has not yet been changed. So, immediately after logon, MacOS attempts to open the keychain file, and, when it's unable to open it with the new password, it asks the user whether they'd like to either:
- Continue the logon (ignore the issue for now), or
- Update the password on the file, or
- Create a new keychain file.
To update the password, the user must type in the password that was used to create the keychain file. Usually, this is the user's _previous_ password, but could be older, depending on the last time the user accessed this machine. Sometimes this process fails, and in this case, the easiest response is to select the third option, and create a _new_ keychain file. With this option, the old keychain is deleted, and a new one is created, and encrypted with the user's current password.
Sometimes, however, _both_ options fail (the file itself becomes corrupted or lost, or the password used is forgotten). In this case, one must select 'Continue' from the dialog box. Most often, MacOS will continue to attempt to open the login keychain again, either when opening a web browser, or connecting LAN drives, and repeatedly repost the dialog. To alleviate this issue, one must either manually delete the old 'login' keychain or change it's password using the Keychain Access program by following the steps below: