Mac Keeps Asking for Login Keychain Funny
| Site Map | .com | .us | .ml | .mobi | .net | .org The Definitive Source for Everything CAC C ommon A ccess C ard help for your P ersonal M ac C omputer | |
APPLE COMPUTER - HOW TO CLEAR THE LOGIN SECTION OF KEYCHAIN
If you have problems accessing websites with your CAC please try the following ideas.
Ideas 1, 2, & 3 are for Safari & Chrome users
Firefox users go here
Idea #1: Manually delete the websites you are having problems accessing.
This also helps if you lost access [for no apparent reason] to sites you access with your CAC.
Step 1-1: Click: Go (top of screen), Utilities, double click Keychain Access.app
(You can also type: keychain access in Spotlight (this is my preferred method))
Step 1-2: Select login (under Keychains), and All Items (under Category) see image below. You will see all items that are being saved in your Keychain Access. These can include settings for your home Wi-Fi network and / or CAC websites / Identity preferences that you have visited and used your CAC on previously.
Step 1-3: Click the column heading titled Kind, scroll down to Identity preference, Delete all CAC enabled websites you are having problems accessing. You can hold your control key and click your single button Mac mouse and select Delete, or if you have a two button mouse right click and select Delete.
Example of mail.mil entries to remove. You will see something different than "mont"
NOTE: Yours may or may not have a red circle with a white X 
Big Sur (Mac OS 11.x) view
All other versions of Mac OS view
NOTE for Mac OS Big Sur, Catalina, Mojave, High Sierra & Sierra users , if you have attempted to access websites using the built in Smart Card ability in Mac OS, (example: did not install CACKey, Centrify Express, or PKard), then in the Kind column look in the Certificates area for the entire web address. This is what you will remove because the built in does not enter in the Identity Preference area.
Some of the same "bad certs" that have caused problems for Windows users are showing up in the keychain access section on Macs. These need to be deleted / moved to trash.
The DoD Root CA 2 & 3 you are removing have a light blue frame, leave the yellow frame version. The icons may or may not have a red circle with the white x
 | or |  | Common Policy | certificate | ||||
| | or | | DoD Interoperability Root CA 1 | certificate | ||||
| | or | | DoD Interoperability Root CA 2 | certificate | ||||
 | DoD Root CA 2 NOTE: only remove blue | certificate | ||||||
| | DoD Root CA 3 NOTE: only remove blue | certificate | ||||||
| | or | | Federal Bridge CA 2013 | certificate | ||||
| | or | | Federal Bridge CA 2016 | certificate | ||||
| | or | | Federal Common Policy CA | certificate | ||||
| | or | | or | | SHA-1 Federal Root CA G2 | certificate | ||
| | or | | US DoD CCEB Interoperability Root CA 1 | certificate |
Step 1-4: Remove CAC from reader
Step 1-5: Clear your web browser history, then revisit the CAC website you were having problems accessing.
Step 1-5a: Click on the word Safari, followed by Clear History...
Step 1-5b: Select all history in the Clear (dropdown box), and select the Clear History (button) select the Clear History (button)
Step 1-5c: Click the word Safari again, followed by Preferences...
Step 1-5d: Click the Privacy (tab), then Manage Website Data... (button)
Step 1-5e: Type mail.mil [or other sites you are having problems accessing] into the search box (upper right side of active window). You can also wait a few moments for sites to come up automatically.
Step 1-5f: Once / if items populate in the window, select it / them, click Remove or Remove All, then Done to close the window
Step 1-5g: Reinsert your CAC in your reader and try accessing the CAC enabled website again.
NOTE: If you delete the login folder rather than the items inside it, you can restore it by navigating to /users/<username>/library/keychains/login.keychain and double clicking it.
Solution found at: https://discussions.apple.com/thread/1948993?threadID=1948993
Idea #2: Clearing the old certificates (after receiving a new CAC)
All versions of Mac OS
If you feel comfortable using command line, you can Run in Terminal.app (remove your CAC from the reader before running the command):
sudo rm -rf /var/db/TokenCache/tokens/
Instructions "borrowed" from this page
.
Firefox does not use the keychain access, it stores the files within the web browser. Here is how to clear them:
1. Select the 3 equal lines (upper right corner of your Firefox web browser).
2. Select: Preferences
3. Select: Advanced
4. Select: Certificates
5. Select: View Certificates
6. Select: Servers
7. Scroll down to: U.S. Government
8. Select the certificates you want removed, then click Delete...
If you are still having problems, contact Michael
The seven current CAC "models" are: "GEMALTO TOP DL GX4 144," "GEMALTO DLGX4-A 144," "GEMALTO DLGX4 128Kv2," "Oberthur ID One 128 v5.5 Dual," "Oberthur ID One v5.5a D," "G&D FIPS 201 SCE 3.2," or "G+D FIPS 201 SCE 7.0"
If you have any other CAC, you need to replace it before proceeding
You can verify by looking on the back of your ID card above the black magnetic strip for either of these:
You may also visit the individual pages for each version of Mac OS
| Big Sur (M1) | 11.x | |
| Big Sur (Intel) | 11.x | |
| Catalina | 10.15.x | |
| Mojave | 10.14.x | |
| High Sierra | 10.13.6 | |
| Sierra | 10.12.6 | |
| El Capitan | 10.11.6 | |
| Yosemite | 10.10.5 | |
| Mavericks | 10.9.5 | |
| Mountain Lion | 10.8.5 | |
| Lion | 10.7.5 | |
| Snow Leopard | 10.6.8 | |
| Leopard | 10.5.8 | |
| Tiger | 10.4.11 |
If you have questions or suggestions for this site, contact Michael J. Danberry
Disclaimer
ACRONYM Reference Page
Last Update or Review: Sunday, 03 April 2022 12:52 hrs
The following domain names all resolve to the same website: ChiefsCACSite.com, CommonAccessCard.us, CommonAccessCard.info, ChiefGeek.us, and MilCAC.us
Source: https://militarycac.com/keychain.htm
0 Response to "Mac Keeps Asking for Login Keychain Funny"
Post a Comment