shawn wilson at
Mon Mar 20 05:06:15 CET 2017

As I'm looking to implement smartcard local login, it looks like the
pam module doesn't use scdaemon. gpgsm can create my csr (which is
awesome), but opensc doesn't work when gpg-agent is running, so I'm
thinking that neither will pam. Since I use gpg to decrypt smtp/pop
non-interactive (obviously w/ a short-ish ttl set) I kinda want to
keep gpg-agent loaded (and working for a time) when I'm not logged in.
I also don't want to get myself locked out.

What's the advised way of doing this?
Is there any documentation on this (the only thing I've seen is not
using the pkcs11 module and the last time I found this brought up on a
mailing list was 2011)?

Is there any effort to allowing scdaemon work w/ browser sso and the
like? I see some really old mailing list threads on this and
scd-pkcs11, but as I'm guessing there are fewer eyes on that project,
I'd prefer to stay in the gpg ecosystem if at all possible.

More information about the Gnupg-devel mailing list