Single Sign On and PAM

Werner Koch wk at
Thu Mar 13 10:58:13 CET 2008

On Sun,  9 Mar 2008 10:37, f_philipp at said:

> I'd like to use my login password to automatically decrypt my gpg-keys.
> With PAM and gpg-agent all pieces should already exist for such a task,
> someone just have to put the pieces together. 

What you want is Poldi:

$ apt-cache show libpam-poldi
Package: libpam-poldi
Depends: libc6 (>= 2.5), libgcrypt11 (>= 1.2.2), libgpg-error0 (>= 1.4), libusb-0.1-4 (>= 2:0.1.12)
Description: PAM module allowing authentication using a OpenPGP smartcard
 This PAM module will allow you to login, screenlock and validate to
 services using your GnuPG smartcard.
 You might have expected to find this with a name of libpam-pgp, libpam-gpg,
 libpam-openpgp or libpam-gnupg.
 This code is considered experimental and needs more testing. It is, however,
 already used for the daily login.
Tag: security::authentication

Sources should be on - I am not sure right

> man-page, gpg-agent can emulate ssh-agent with "--enable-ssh-support".

That works really weel,  I am using it for at least two years now.
Daily, for all purposes inclding cron jobs and smartcards.

To test it on a system without a running gpg-agent you can do this:

  $ gpg-agent --daemon --enable-ssh-support sh
  $ ssh-add -l

and it shows you your keys.  There is a howto somewhere floating around.



Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.

More information about the Gnupg-users mailing list