Passwords for Safari and Firefox stored in separate keychains since OS X 10.9

[GoogleCodeExporter]

Since upgrading to OS X 10.9.0 Mavericks, there are two keychains "local 
objects" and "login". Safari stores passwords in one of these, Firefox (v25.0.1 
with Keychain Services Integration v1.1.6)stores passwords in the other. This 
has broken browser interoperability - which was the (my) key incentive for 
using Keychain Services Integration. Please advise.

Original issue reported on code.google.com by ri...@co-operate.net on 24 Nov 2013 at 11:17

• Merged into: #62

[GoogleCodeExporter]

I haven't had a change to upgrade yet. Which keychain is used by which 
application? Firefox should store passwords in whichever keychain is marked as 
"default" in Keychain Services and should look for passwords in all keychains.

If setting the default keychain doesn't work, there's another possibility: I 
added support in 1.1.6 for a configuration preference to specify which keychain 
to store to. It hasn't had much testing yet, but you could try it as a last 
resort. Just set extensions.macos-keychain.write-file to the full path (can 
start with ~/) of the keychain you want to store passwords to. There's also 
extensions.macos-keychain.search-path, which is a colon-separated list of 
keychains to search if you want to override the default.

Original comment by jfitz...@gmail.com on 2 Dec 2013 at 9:33

[GoogleCodeExporter]

Warning: I am no expert :-) 
That said, I have two Macs here, both running OS X Mavericks 10.9.0. One of 
them has been updated, the other one with a clean installation from scratch. On 
both machines iCloud keychain synching is turned OFF. Both machines have this 
new "local items" keychain, in addition to the "login" keychain (actually 
"Anmeldung", as I'm using a German system). 

Firefox continues to store passwords in the "login" keychain as it always has. 

Safari stores passwords in the "local items" keychain, but is able to read from 
the "login" keychain, too. If there are similar entries in both keychains, 
Safari will always use the password stored in "local items". 

I believe this is iCloud keychain synching related, I believe

Original comment by ri...@co-operate.net on 3 Dec 2013 at 9:42

[GoogleCodeExporter]

Sorry, It took me some time to get around to trying your suggestions.
(a) Setting the default keychain to the new, OSX-generated "local objects" 
keychain is not possible. When right-clicking the keychain, that option is 
grayed out. I could set other keychains as default (including "login", 
obviously) but not "local objects".
(b) Setting extensions.macos-keychain.write-file to "local objects" keychain 
did not work, either, because I did not find the file. It is not located in 
~/Library/Keychains/ nor in any other location I could think of. 

Feel stupid now.

Original comment by ri...@co-operate.net on 11 Dec 2013 at 5:13

[GoogleCodeExporter]

Hi guys, I'm seeing the 'issue' too. But I think it can't be changed in the 
addon as long as Apple isn't providing information in how to use the iCloud 
keychain in OSX. I  couldn't find an 'icloud.keychain' file on my Mac (10.9.1) 
so I'm wondering if Apple is instead using a different file format or has 
hidden the file somewhere with a funny name which is hard to guess. 
Firefox/Mozilla keychain is saving the passwords in the login.keychain but 
iCloud sync is only syncing the data from the iCloud keychain. However Safari 
is able to use both the login.keychain and the iCloud keychain. 

Original comment by joer...@me.com on 21 Dec 2013 at 10:41

[GoogleCodeExporter]

Hi,

according to this article I found:
http://my.safaribooksonline.com/book/programming/mobile/9781449372446/8dot-secur
ity/ch08s08_html
an additional attribute kSecAttrSynchronizable needs to be specified to access 
the iCloud-synced passwords. The article refers to iOS 7, however, the API is 
the same for OS X 10.9.
Maybe someone can try this...

Original comment by sebastia...@gmail.com on 4 Jan 2014 at 4:38

[GoogleCodeExporter]

Original comment by jfitz...@gmail.com on 8 Jan 2014 at 1:24

• Changed state: Duplicate