Hi all,
In my use case (see below) storing WiFi passwords in keychain (which is as designed) and syncing these passwords (adding and removing) is an issue. I'm looking for the easiest solution.
Use case
In our home network (all controlled by UniFi Cloud key) we have different WiFi SSID's, each on a separate subnet (VLAN) and segregated by firewall rules:
- "JansenFamily" for our Macs, ipads and iphones
- "JansenExternal" for school and work laptops that are not managed by ourselves
- "JansenLegacy" for older devices that don't get security patches, such as very old Macs
My wife still uses a 2008 Macbook Unibody, which I assigned the "JansenLegacy" SSID. The WiFi password gets stored in her keychain.
My wife also sometimes uses my 2015 MacBook Pro and she has her own account on that machine. My 2015 MBP is assigned to "JansenFamily" and the WiFi password is stored in my keychain.
However, WiFi passwords stored on a machine are stored for all users on that machine.
Thus, when my wife logs on to my 2015 MBP, her keychain gets synced on that machine so the WiFi password for "JansenFamily" is stored in her keychain. Then when she logs on to the old 2008 Macbook again, her keychain gets sync'ed on that machine, so that machine suddenly can connect to "JansenFamily" automatically, which is obviously not what I want.
Solution A
Dedicate one machine to one person only
Pros: straightforward easy solution
Cons: not flexible: My wife needs my 2015 MBP for some apps that don't run (so well) on the old MacBook
Solution B
Change the order of preferred networks on the 2008 MBP so that "JansenLegacy" is higher in the list
Pros: quick and easy
Cons: if for some reason "JansenLegacy" is not available or has a weaker signal, the machine will switch to "JansenFamily" after all
Solution C
Assign a whitelist to WiFi SSID "JansenFamily" containing only the MAC addresses of the devices that I allow to connect.
Pros: rock solid
Cons:
- tedious to do the work in the settings
- maintenance load: whenever a new device joins the family I need to update the whitelist
Solution D
Assign a blacklist to WiFi SSID "JansenFamily" containing only the Macbook MAC address.
pros:
- rock solid
- faster than solution C
- maintenance load is similar in concept
Any other solutions you can think of?
Thanks!
In my use case (see below) storing WiFi passwords in keychain (which is as designed) and syncing these passwords (adding and removing) is an issue. I'm looking for the easiest solution.
Use case
In our home network (all controlled by UniFi Cloud key) we have different WiFi SSID's, each on a separate subnet (VLAN) and segregated by firewall rules:
- "JansenFamily" for our Macs, ipads and iphones
- "JansenExternal" for school and work laptops that are not managed by ourselves
- "JansenLegacy" for older devices that don't get security patches, such as very old Macs
My wife still uses a 2008 Macbook Unibody, which I assigned the "JansenLegacy" SSID. The WiFi password gets stored in her keychain.
My wife also sometimes uses my 2015 MacBook Pro and she has her own account on that machine. My 2015 MBP is assigned to "JansenFamily" and the WiFi password is stored in my keychain.
However, WiFi passwords stored on a machine are stored for all users on that machine.
Thus, when my wife logs on to my 2015 MBP, her keychain gets synced on that machine so the WiFi password for "JansenFamily" is stored in her keychain. Then when she logs on to the old 2008 Macbook again, her keychain gets sync'ed on that machine, so that machine suddenly can connect to "JansenFamily" automatically, which is obviously not what I want.
Solution A
Dedicate one machine to one person only
Pros: straightforward easy solution
Cons: not flexible: My wife needs my 2015 MBP for some apps that don't run (so well) on the old MacBook
Solution B
Change the order of preferred networks on the 2008 MBP so that "JansenLegacy" is higher in the list
Pros: quick and easy
Cons: if for some reason "JansenLegacy" is not available or has a weaker signal, the machine will switch to "JansenFamily" after all
Solution C
Assign a whitelist to WiFi SSID "JansenFamily" containing only the MAC addresses of the devices that I allow to connect.
Pros: rock solid
Cons:
- tedious to do the work in the settings
- maintenance load: whenever a new device joins the family I need to update the whitelist
Solution D
Assign a blacklist to WiFi SSID "JansenFamily" containing only the Macbook MAC address.
pros:
- rock solid
- faster than solution C
- maintenance load is similar in concept
Any other solutions you can think of?
Thanks!
