On Mon, Oct 03, 2011 at 09:13:12AM -0400, Jay Soffian wrote: > > Yeah. I was thinking the ACL prompt would come up more often, but I > > guess most people would hit "allow always", since it would get annoying > > pretty quickly otherwise (I didn't, because I was testing). > > In the normal case, the keychain entry would be added via the > credential helper, so they'd never even see the prompt since the > binary which adds an entry is automatically on that entry's ACL. Ah, that makes sense. That wasn't what happened for me; the first time I ran it, before I had ever given it a password, it asked if it could access the login keychain. But that was because I _already_ had an entry there from the GitHub for Mac client. So I assume it was typical that most users would see it at least that first time. But it's probably not. > > Side note: do you know how to edit those ACLs? I couldn't find it in the > > keychain manager. It would be helpful for testing to be able to tweak it > > (as a workaround, I just modified the binary, which apparently the > > keychain code cares about). > > Double-click on the entry in Keychain Access, then click the "Access > Control" tab. Thanks. For some reason I was thinking the ACL was based on the keychain, but of course having it per-entry makes much more sense. So I was just looking in the wrong place. -Peff -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html