Not to beat a dead horse but a couple of questions just occurred to me...
- Do you have iCloud Keychain turned ON?
- Do you have two step authentication activated?
I can see how either of these could be a cause of your user/keychain password issues. I can also see why Apple's move toward these might bring them to change the way the login process handles inaccessible keychain issues. This might be the answer to our "why" question.
First, the "Select Password" dialog box is apparently a new-to-High Sierra default step during migrations; I've been presented with it regardless of the circumstances under which I've migrated.
I'm totally mystified by its occurrence and complete lack of documentation, though; even the AppleCare AMR Senior Specialist to whom I spoke was unaware of it before I told him about it.
The Specialist did, however, get me researching my keychain migration issue (i.e. my differing login and keychain p/w's preventing my keychain from successfully migrating from Sierra to High Sierra)...
Apple seems to have dropped all possibility of differing login and keychain p/w's in HS, and I've gotten my HS keychain populated only by either equalizing my p/w's in advance of upgrade/migration or entering my keychain p/w in the "Select Password" dialog box during migration:
- An upgrade sans equalization didn't call up the "Select Password" dialog box; it simply left me with synced passwords and an empty keychain.
- When you change your login p/w from a different Admin account, your keychain p/w may (as per HS Keychain Access Help) remain the same, but changing mine from a different Admin account has invariably synced mine - despite the fact that the pop-up says it won't - and left my keychain empty.
- After changing my login p/w from my Recovery partition - which should have left my keychain p/w intact - I restarted to a synced p/w and an empty keychain.
- Changing my login p/w from Sys Prefs > Users & Groups > Change Password... did, however, work as expected, i.e. it changed both my login and keychain p/w's.
HS Keychain Access Help discusses login and keychain p/w's getting out of sync, and Edit > Change Password for Keychain "login"... is mentioned as the fix, but there doesn't seem to be any way to get them out of sync in the first place.
I don't understand why Apple eliminated a security feature; maybe it has something to do with the deep password linkages you mentioned a while back? Even stranger, though, is why they blind-sided those of us partaking of it...no advance warning...not even an after the fact "Gotcha!"
In the end, though, while my being unable to maintain different login and keychain p/w's apparently isn't a bug, it also isn't something on which Apple's got a very good grip.
And the bottom line is that now that I understand what's been happening I've got no more qualms about upgrading to High Sierra...albeit without my beloved differing p/w's, and actually, after looking closely at the contents of my keychain I've realized that there's nothing in it that leaves me at risk if it can be unlocked by my login p/w.
Note: As respects your thought about my issue possibly resulting from my having iCloud Keychain turned on, back in Mavericks, Apple split "login keychain" into two separate components..."login keychain" and "Local Items keychain"; the change seems to have had something to do with iCloud, and since the former can be locked, but the latter can't, it may be related to iCloud syncing (but it hasn't affected migrations in any way of which I'm aware).