Keychain: Application still requesting access with entry created via “security add-generic-password”


I'm adding a Keychain entry programmatically onto a machine via the security command as such:

    security add-generic-password -a "username@exchange.server.here" -s "Exchange" -w "P@ssw0rd!" -T "/Applications/Microsoft Outlook"

Screenshot of Keychain entry generated

It looks great, just like the one generated when you set up Outlook! However, I still get the "Microsoft Outlook wants to access key Exchange in your keychain" prompt when the user opens Outlook.

Have I missed a step here somewhere? I was of the impression that -T allowed applications to access a keychain entry unprompted?

Best Answer

In newer versions of OS X you now have to add a partition teamid:

    security set-generic-password-partition-list -S teamid:UBF8T346G9 -s "Exchange" -k YOUR_USER_PW

If you 'allow' Exchange or whichever app to use the password and then inspect it:

    security dump-keychain -a > blip.txt

You can see the teamid and then use that in the command above. For instance for Sequel Pro:

    class: "genp"
    attributes:
        0x00000007 <blob>="Sequel Pro : mydb (5180261558162063037)"
    ...
        entry 3:
            authorizations (1): partition_id
            don't-require-password
            description: teamid:Y48LQG59RS
            applications: <null>
    ...

Now when you script this trusted password you can use:

    security add-generic-password -a "me@localhost/mydb" -s "my db" -p thepasswordtomydb -T "/Applications/Sequel Pro.app" -U
    security set-generic-password-partition-list -S teamid:Y48LQG59RS -s "my db" -k your_user_pw
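
Added example, not part of the original answer: a shell function that pulls the partition ID for one item out of `security dump-keychain -a` output, instead of searching the dump file by eye. The names `partition_ids_for` and `sample_dump` are hypothetical, the sample dump is constructed from the excerpt above, and the parser assumes the description is printed in the plain `teamid:...` form shown there.

```shell
#!/bin/sh
# Added example, not from the original answer. partition_ids_for and
# sample_dump are hypothetical names; the dump text below is constructed.
# On a Mac: security dump-keychain -a | partition_ids_for "Sequel Pro : mydb"

# Print the partition_id description of each item whose label
# (attribute 0x00000007) starts with $1. Reads the dump on stdin.
partition_ids_for() {
    awk -v want="$1" '
        /^[ \t]*class:/ { hit = 0; part = 0 }            # next keychain item
        /0x00000007 <blob>="/ {
            label = $0
            sub(/^.*<blob>="/, "", label)                 # drop up to opening quote
            sub(/"[^"]*$/, "", label)                     # drop closing quote
            hit = (index(label, want) == 1)
        }
        /^[ \t]*entry [0-9]+:/ { part = 0 }               # next ACL entry
        /authorizations \([0-9]+\):/ { part = ($0 ~ /partition_id/) }
        hit && part && /^[ \t]*description:/ {
            sub(/^[ \t]*description:[ \t]*/, "")
            print
        }
    '
}

# Constructed sample shaped like the excerpt in the answer.
sample_dump() {
    cat <<'EOF'
class: "genp"
attributes:
    0x00000007 <blob>="Sequel Pro : mydb (5180261558162063037)"
    entry 0:
        authorizations (1): decrypt
        don't-require-password
        description: Sequel Pro : mydb
        applications (1):
    entry 3:
        authorizations (1): partition_id
        don't-require-password
        description: teamid:Y48LQG59RS
        applications: <null>
class: "genp"
attributes:
    0x00000007 <blob>="Exchange"
    entry 0:
        authorizations (1): decrypt
        description: Exchange
EOF
}
```

An empty result, as for the constructed "Exchange" item, means the item has no partition_id entry yet, which is the state in which the access prompt still appears.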