Setup guide

UNCLASSIFIED
e. Place a check in the Ask for keychain password checkbox. With
this option selected, the user must provide the keychain password
before Keychain Access will release the item to another application,
even if the keychain is already unlocked. This is particularly important
for high value items, such as private keys (and their certificates) that
are needed only when signing or decrypting information, although such
items should also be placed in their own keychains.
f. The Always allow access by these applications list should be kept
empty unless operationally required. Any application in this list can
access the item without prompting the user or requiring re-entry of the
keychain password. If there are any applications in this list, click on
one of them, and click on the Remove button at the bottom of the
window. Repeat this until all entries have been removed from the list.
Creating Multiple Keychains
When a user account is created, it will contain only an initial default keychain, login.
A user may create additional keychains, each of which may have different settings.
This allows the user to create and configure different keychains for different
purposes.
For example, a user may want to group all his credentials for mail accounts into one
keychain. Since mail programs query the server frequently to check for new mail, it
would not be practical to expect the user to re-authenticate every time such a check
is being performed. The user could create a keychain and configure its settings such
that he would be required to enter the keychain password at login and whenever the
machine is awakened from sleep mode. He could then move all items containing
credentials for mail applications into that keychain and set each item so that only the
mail application associated with that particular credential can automatically access
it. This would force all other applications to authenticate in order to access that
credential.
A setting such as the one given above might be appropriate for credentials used by
mail applications, but might be unacceptable for others. If a user has an infrequently
used web-based account, it would be more appropriately stored in a keychain
configured to require re-authentication for every access by any application.
The following guidance explains how to set up three keychains in a user’s account,
each with a different level of accessibility. This configuration should be adequate for
a typical user, and should demonstrate the use of multiple keychains by a single user.
Once a user becomes familiar with configuring keychains, he may want to create a
custom keychain configuration.
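The layout described above (one keychain whose items are released only to the mail application and are re-unlocked at login and on wake, one for rarely used accounts that should be re-authenticated on every access, plus a middle ground) can also be scripted with the macOS security(1) tool. The script below is an added example, not part of the guide and not a supported Apple tool; the keychain names, the third "general" keychain, the mail account, server and application paths are illustrative assumptions. Existing items still have to be dragged into the new keychains in Keychain Access, since security(1) has no command for moving items, and the Ask for keychain password checkbox (item e) must also be set there. By default the script only prints the commands; set DRY_RUN=0 to apply them.

```shell
#!/bin/sh
# Added example: build the three-keychain layout with security(1).
# Names, timeouts and application paths are illustrative assumptions.
set -eu

DRY_RUN="${DRY_RUN:-1}"   # default: print the plan; DRY_RUN=0 applies it

# run CMD ARGS... : execute the command, or print it (one quoted word per
# argument) when DRY_RUN=1 so the plan can be reviewed on any machine.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf "'%s' " "$@"
        printf '\n'
    else
        "$@"
    fi
}

# create_keychain NAME LOCK_ON_SLEEP TIMEOUT
#   -P prompts for the new keychain password instead of taking it on the
#      command line, where it would be visible in the process list.
#   LOCK_ON_SLEEP=1 adds -l: the keychain locks when the machine sleeps, so the
#      user re-enters its password on wake, as in the mail example above.
#   TIMEOUT>0 adds -u -t N: lock after N idle seconds; 0 sets no idle timeout.
create_keychain() {
    kc=$1 on_sleep=$2 timeout=$3
    [ "$on_sleep" = 1 ] && lockflag=-l || lockflag=
    run security create-keychain -P "$kc"
    if [ "$timeout" -gt 0 ]; then
        run security set-keychain-settings $lockflag -u -t "$timeout" "$kc"
    else
        run security set-keychain-settings $lockflag "$kc"
    fi
}

# add_scoped_item KEYCHAIN ACCOUNT SERVICE APP SECRET
#   -T APP puts exactly one application on the "Always allow access" list
#   (item f above); -T "" leaves that list empty, so every application,
#   security(1) included, is prompted. add-generic-password has no option for
#   the "Ask for keychain password" checkbox (item e): set it in Keychain Access.
#   Caveat: -w places SECRET on the command line, visible to other local
#   processes while the command runs; for interactive setup enter the secret
#   in Keychain Access instead.
add_scoped_item() {
    kc=$1 account=$2 service=$3 app=$4 secret=$5
    run security add-generic-password -a "$account" -s "$service" \
        -T "$app" -w "$secret" "$kc"
}

# Three keychains, three lock policies (assumed names and timeouts).
MAIL_KC=mail-accounts.keychain   # frequently used: unlock at login and on wake
GENERAL_KC=general.keychain      # middle ground: lock on sleep and after 5 min idle
RARE_KC=rarely-used.keychain     # infrequently used web accounts: lock after 1 min

setup_keychains() {
    create_keychain "$MAIL_KC" 1 0
    create_keychain "$GENERAL_KC" 1 300
    create_keychain "$RARE_KC" 1 60
    # create-keychain does not add the new keychain to the user's search list,
    # and list-keychains -s replaces the whole list, so the login keychain must
    # be listed again (login.keychain-db on current macOS; older releases use
    # login.keychain).
    run security list-keychains -d user -s login.keychain-db \
        "$MAIL_KC" "$GENERAL_KC" "$RARE_KC"
}

if [ "$DRY_RUN" != 1 ] && ! command -v security >/dev/null 2>&1; then
    echo "security(1) not found; this script applies only on macOS" >&2
    exit 1
fi
setup_keychains
# Scope a new mail credential to Mail.app only. Account and server are
# placeholders; the secret is read from MAIL_SECRET and never invented here.
if [ -n "${MAIL_SECRET:-}" ]; then
    add_scoped_item "$MAIL_KC" "alice@example.com" "imap.example.com" \
        /Applications/Mail.app "$MAIL_SECRET"
fi
```

After applying, open Keychain Access, drag existing mail items into the mail keychain, and on each item's Access Control tab confirm that only the intended application appears under Always allow access; for items in the rarely used keychain, also check Ask for keychain password, which is what forces a prompt on every access by any application.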
Keychain Examples
Keychain 1: Frequently accessed credentials (e.g. Mail)