Broken login.keychain, what now?

Solution 1:

I hope this helps someone in the future:

The list of keychains, notably login.keychain, is stored in ~/Library/Preferences/com.apple.security.plist

The system.keychain and similar are found in /Library/Preferences/com.apple.security.plist

If those files have wonky permissions, you'll have problems doing anything. Even if the keychain files themselves are fine, if the OS is unable to edit those two files it just silently fails in weird ways. Notably, Keychain Access will keep forgetting about the whole login chain, and anything you add or remove from it.

This same problem may apply to the keychain itself; if you can't save to it, you likely have wonky permissions.

Note that it appears Disk Utility does not fix this, although I don't know why. It seems you have to manually fix this. You can do this by doing a Get Info on a root folder and reapplying permissions. In my case the problem was that the Owner was wrong because I moved the files from another machine.