When a user's password is changed in macOS — for example, via GoLive or a script — the login keychain will lose sync with the new password. When this happens, a system dialog appears at login prompting the user to update their keychain, which cannot be bypassed remotely. This prevents remote access tools like LiveDesktop and Splashtop from connecting until the keychain is resolved.
Note: This issue does not occur when a password is changed manually via the macOS System Settings > Users & Groups GUI, as that method includes the keychain update automatically.
Method 1: Update the Existing Keychain (Old Password Known)
If you know the user's previous password, run the following command from the Devices page (or GoLive > Scripts tab) using the Run Command box. Replace the $variables with the appropriate values.
security set-keychain-password -o "$oldPassword" -p "$newPassword" "/Users/$username/Library/Keychains/login.keychain-db"
Security note: Per Apple's documentation, use of the
-poption is considered insecure because the password will appear in plain text in the device's Bash history. This risk is somewhat mitigated by the fact that it will be in the root user's Bash history, which is obscure and difficult to access — however, the security implications should be considered before running this command.
Method 2: Create a New Keychain (Old Password Unknown)
If the old password is not available, you can create a fresh login keychain for the user. This will back up the old keychain before replacing it. Run the following commands from the Devices page (or GoLive > Scripts tab) using the Run Command box. Replace the $variables with the appropriate values.
# Back up the existing keychain mv "/Users/$username/Library/Keychains/login.keychain-db" "/Users/$username/Library/Keychains/login.keychain-db.bak" # Create a new keychain security create-keychain -p "$password" "/Users/$username/Library/Keychains/login.keychain-db"