gpg-agent and poldi.

Peter Lewis prlewis at
Fri Mar 21 22:50:25 CET 2008


Firstly, thanks for some great software :-) I've been using gpg for a couple 
of months now, including using poldi to log me in and unlock sessions with my 
cryptocard from the FSFE.

However, I'm having a problem using gpg-agent to cache the smartcard's PIN 
along with the poldi PAM module. Specifically, once gpg-agent has cached the 
PIN, poldi no longer works, meaning that I can't use it for authenticating 
su / sudo commands or for unlocking the session or logging in on another 

I found this in the list archives:

On Tue Jul 19 13:48:23 CEST 2005, Werner Koch said:
> On Fri, 15 Jul 2005 13:33:51 +0300, Joachim Breitner said:
>> Also, with scdaemon, there might be problems with other programs using
>> the smartcard, e.g. HBCI, but also libpam-poldi. Haven't investigated
>> that though.
> I already talked with Moritz about this.  In general it should not
> happen because gpg-agent is started after a successful login and poldi
> needs then to relinquish control over the card reader.  The problem
> seems to be any PAM access later on (e.g. su).  We might need to watch
> out for a running scdaemon and utilize it the same way as gpg does it.

Is there any progress towards making this work yet? Any fix / patch / 
workaround available?

Many thanks,

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20080321/8100ad83/attachment.pgp>

More information about the Gnupg-devel mailing list