Single Sign On and PAM
Werner Koch
wk at gnupg.org
Thu Mar 13 10:58:13 CET 2008
On Sun, 9 Mar 2008 10:37, f_philipp at fastmail.net said:
> I'd like to use my login password to automatically decrypt my gpg-keys.
> With PAM and gpg-agent all pieces should already exist for such a task,
> someone just has to put the pieces together.
What you want is Poldi:
$ apt-cache show libpam-poldi
Package: libpam-poldi
Depends: libc6 (>= 2.5), libgcrypt11 (>= 1.2.2), libgpg-error0 (>= 1.4), libusb-0.1-4 (>= 2:0.1.12)
Description: PAM module allowing authentication using a OpenPGP smartcard
This PAM module will allow you to login, screenlock and validate to
services using your GnuPG smartcard.
You might have expected to find this with a name of libpam-pgp, libpam-gpg,
libpam-openpgp or libpam-gnupg.
.
This code is considered experimental and needs more testing. It is, however,
already used for the daily login.
Tag: security::authentication
Sources should be on ftp.gnupg.org/gcrypt/alpha - I am not sure right
now.
> man-page, gpg-agent can emulate ssh-agent with "--enable-ssh-support".
That works really well, I have been using it for at least two years now.
Daily, for all purposes including cron jobs and smartcards.
To test it on a system without a running gpg-agent you can do this:
$ gpg-agent --daemon --enable-ssh-support sh
$ ssh-add -l
and it shows you your keys. There is a howto somewhere floating around.
Shalom-Salam,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.