From: Jeremy R. <jj...@ri...> - 2007-12-21 16:52:40
|
In a past discussion with Shawn Geddis of Apple, I was of the impression that there would be some way to have site-specific certs on without affecting the system keychain. I don't know if that method exists yet in Leopard or how to set it up. Is SystemKey dynamically generated by each local system, and unique for that installation? I'm getting that impression, but I haven't fully read that man page yet. If we do what Wout suggests, we could have a launchd* item that checks for zero length SystemKey files and replaces them ... sort of like the sshd keys workaround. But at least we don't _need_ the passphrase argument for systemkeychain: "If the optional password argument is given, the keychain can be also be unlocked with that; otherwise, the keychain has no password and can only be unlocked by the system." -- Jeremy Reichman Senior Desktop Systems Engineer Information and Technology Services Rochester Institute of Technology * Launchd is now officially my answer for everything. ;) |