gpg-agent and poldi.
Peter Lewis
prlewis at letterboxes.org
Fri Mar 21 22:50:25 CET 2008
Hello,
Firstly, thanks for some great software :-) I've been using gpg for a couple
of months now, including using poldi to log me in and unlock sessions with my
cryptocard from the FSFE.
However, I'm having a problem using gpg-agent to cache the smartcard's PIN
along with the poldi PAM module. Specifically, once gpg-agent has cached the
PIN, poldi no longer works, meaning that I can't use it for authenticating
su / sudo commands or for unlocking the session or logging in on another
terminal.
I found this in the list archives:
On Tue Jul 19 13:48:23 CEST 2005, Werner Koch said:
> On Fri, 15 Jul 2005 13:33:51 +0300, Joachim Breitner said:
>> Also, with scdaemon, there might be problems with other programs using
>> the smartcard, e.g. HBCI, but also libpam-poldi. Haven't investigated
>> that though.
>
> I already talked with Moritz about this. In general it should not
> happen because gpg-agent is started after a successful login and poldi
> needs then to relinquish control over the card reader. The problem
> seems to be any PAM access later on (e.g. su). We might need to watch
> out for a running scdaemon and utilize it the same way as gpg does it.
Is there any progress towards making this work yet? Any fix / patch /
workaround available?
Many thanks,
Peter.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20080321/8100ad83/attachment.pgp>
More information about the Gnupg-devel
mailing list