keychain access

jae77 · Post by **jae77** » Tue Sep 05, 2006 10:27 pm

how about ip filtering? is that a possibility? or how about just excluding certain apps from needing the password at all, instead of a password per.

the network notification ability looses a lot of it's usefulness if i am prompted to enter my keychain password every time it locks and a notification comes in, and i'm really not a fan of just leaving the service exposed.

i'm open to other suggestions (short of leaving the system open entirely) that can help get around this issue.

Post by **The_Tick** » Wed Sep 06, 2006 1:42 am

It's not something we're going to fix.

jae77 · Post by **jae77** » Wed Sep 06, 2006 1:45 am

let me ask another question, b/c this is the first mac i've ever owned.

could i just create a seperate keychain to store all the growl stuff in and have that never lock, but continue to let me "login" keychain lock after x minutes to keep everything else safe?

jae77 · Post by **jae77** » Wed Sep 06, 2006 1:46 am

and why is it something that will not be considered for fixing?

Post by **The_Tick** » Wed Sep 06, 2006 3:15 am

jae77 wrote:let me ask another question, b/c this is the first mac i've ever owned.

could i just create a seperate keychain to store all the growl stuff in and have that never lock, but continue to let me "login" keychain lock after x minutes to keep everything else safe?

No idea.

Post by **The_Tick** » Wed Sep 06, 2006 3:15 am

jae77 wrote:and why is it something that will not be considered for fixing?

It's not something that affects 80% of our user base.

jae77 · Post by **jae77** » Wed Sep 06, 2006 3:23 am

The_Tick wrote:
jae77 wrote:let me ask another question, b/c this is the first mac i've ever owned.

could i just create a seperate keychain to store all the growl stuff in and have that never lock, but continue to let me "login" keychain lock after x minutes to keep everything else safe?
No idea.

well - this doesn't appear to work. i can't switch away from the login.keychain to store the growl information in a different keychain that i've created.

perhaps this is possible, but needs to be changed in the code.

It's not something that affects 80% of our user base.

a quick scan of trac shows other requests for network functionality enhancments, so i don't see why this is something that can't be requested and considered.

just b/c i'm the first person asking for it doesn't mean that others wouldn't want to use it.

Post by **The_Tick** » Wed Sep 06, 2006 3:32 am

We've told you why we're using keychain. We're not going to go around keychain just to appease just one person. It's not a trivial task.

We're also not going to accept any patches for this should someone write it up and send us a patch.

It's not something that will go into Growl. Period.

jae77 · Post by **jae77** » Wed Sep 06, 2006 3:51 am

The_Tick wrote:We've told you why we're using keychain. We're not going to go around keychain just to appease just one person. It's not a trivial task.

We're also not going to accept any patches for this should someone write it up and send us a patch.

It's not something that will go into Growl. Period.

yes, i realize that, and at this point, i'm trying to find out/suggest potential alternatives that could be used to address this issue.

i don't see how specifying remote apps that require a password vs those that do not would require moving away from keychain.

creating a seperate keychain that never gets locked also seems like it would address my needs, but it doesn't appear that i can specify a different keychain to use and am stuck with the "login" one.

Post by **The_Tick** » Wed Sep 06, 2006 5:32 am

We've stated multiple times that we're only going to use the keychain and we're not going to setup a per application ignore on it, nor are we going to cache passwords. These are the only "other options".

We're also not going to invest time into making it work with multiple keychains, albeit we'd accept a patch for that.

Networking itself needs to be improved, but this portion works as intended.

jae77 · Post by **jae77** » Wed Sep 06, 2006 6:08 am

The_Tick wrote:We've stated multiple times that we're only going to use the keychain and we're not going to setup a per application ignore on it, nor are we going to cache passwords. These are the only "other options".

We're also not going to invest time into making it work with multiple keychains, albeit we'd accept a patch for that.

Networking itself needs to be improved, but this portion works as intended.

i understand the restrictions put in place by keychain - no need to be snarky about it.

i do not understand why a per application ignore won't be considered - you have not given a clear cut answer on that, and i don't accept being the only one asking for it as a reason. sometimes all it takes is one person to ask and others will clamor.

since i know nothing of objective c, i highly doubt i'm going to be the one to submit the patch, but i'll keep my fingers crossed that someone else will come along who wants this and does. but hey, always up for a challenge, perhaps i'll find some time and learn.

Post by **bgannin** » Sun Oct 15, 2006 2:45 pm

I think this partly falls within a couple areas of contention:

1. Granularity - we are striving for a readily accessible mechanism for as broad a cross-section as possible and providing hooks to control every single aspect of a ticket, or its associated behavior, is overwhelming and, as Tick stated, not applicable to a large portion of users, thus lessening demand and attention.

2. Familiarity - I can't speak for the entire team, but I myself am not intimately familiar with the Keychain security mechanisms and how to work with them, and as such I tend to tread lightly on the side of caution.

While it may seem trivial to compromise a password used for remote passwords, it is not something any developer would want to foster. That said, I can certainly understand your frustration if you get a password prompt every 15 minutes