5.1. How Keychains Work
The keychain that you carry in your pocket or purse probably contains keys to your home, car, mailbox, and any other lock you need to open frequently. If you get a new key — to your office, filing cabinet, or whatever — most likely you'll put it on the same keychain. No matter what you need to unlock, you only have to worry about one object. As long as you have your keychain, you can open anything you need to access. The keychain itself isn't important, but it gains utility by keeping all your keys together.
A keychain on your Mac serves a similar purpose; it lets you get at all your passwords in the same way. Unlike a physical keychain, though, your digital keychain can hold hundreds or thousands of items without becoming more cumbersome to use. Even if someone steals your keychain from your Mac, they can't use any of its keys without knowing your password, so it's safer too. And instead of fumbling for just the right key among many that look alike, you can depend on Mac OS X to automatically and instantly locate the right key at any given time.
By default, every user has a keychain called login, in which you can store passwords for any resources you need to access (and other confidential data). User keychains are stored in ~/Library/Keychains. In addition, each Mac has a keychain called System (stored in /Library/Keychains) that holds passwords needed by the operating system even when no user is logged in, such as the password to your wireless network. ...
Get Mac® Security Bible now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
