OpenPGP card and poldi-ctrl

Markus Krainz ldm at gmx.at
Sun Dec 12 18:10:34 CET 2010


Hi Alphazo,

thanks for this great howto. I got it working right away.
Where I still have problems: the gnome-keyring (seahorse) still demands
the user password. Also, I often have to unplug and replug the reader to
authenticate. This works, but it is very inconvenient.

Regards,
Markus


On 2010-11-27 08:31, wrote:
> Hi Markus,
>
> Poldi tutorials are outdated. The new version is configured
> differently. Poldi 0.4.1 works flawlessly with my Cryptostick token
> (OpenPGP card V2) for PAM authentication.
>
> I used the default /etc/poldi/poldi.conf:
>
>     auth-method localdb
>     log-file /var/log/poldi.log
>     debug
>     scdaemon-program /usr/bin/scdaemon
>
> Added one line to /etc/poldi/localdb/users with CryptoStick's serial
> number (get it from gpg --card-status | grep Application):
>
>     D1234678912346789123467891234678 alpha
>
> And then dumped the public key from my Cryptostick into poldi local db:
>
>     sudo poldi-ctrl -k > /etc/poldi/localdb/keys/D1234678912346789123467891234678
>
> The rest is pretty standard as it requires modifying PAM configuration
> files. I keep the possibility to log in with password for the moment
> so I just added in /etc/pam.d/gdm, /etc/pam.d/login,
> /etc/pam.d/sudo and /etc/pam.d/gnome-screensaver:
>
>     auth        sufficient    pam_poldi.so
>
> That's it really! 
>
> One more thing, for better stability I recommend disabling the opensc
> daemon when using Cryptostick. I had it enabled because I was playing
> with a PKCS#11 token and got all sorts of problems. I also had the
> opensc-pkcs11.so module loaded in Thunderbird that had a tendency to
> restart the opensc daemon also. So best is to disable it too.
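
An added example, not part of the original messages or of Poldi itself: with `auth sufficient pam_poldi.so` in the sudo and login stacks, the files under /etc/poldi/localdb decide which card authenticates as which account, so this sketch checks the layout from the howto for missing or empty key files and loose permissions. The function names are hypothetical, and the expectation that everything is owned by root and not writable by group or others is an assumption.

```shell
#!/bin/sh
# Added example: audit a Poldi localdb tree laid out as in the howto above:
#   <dir>/users          one "<card serial> <account>" line per card
#   <dir>/keys/<serial>  public key written by "poldi-ctrl -k"
# Findings go to stdout, one per line; exit status is 0 only when clean.

# Succeeds if the path is writable by group/others or not owned by $2.
unsafe_perms() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 -o ! -user "$2" \) 2>/dev/null)" ]
}

poldi_localdb_audit() {
    dir=${1:-/etc/poldi/localdb}
    owner=${2:-root}        # assumption: only root should control the mapping
    findings=0
    if [ ! -r "$dir/users" ]; then
        echo "NO_USERS_FILE $dir/users"
        return 1
    fi
    for p in "$dir/users" "$dir/keys"; do
        if unsafe_perms "$p" "$owner"; then
            echo "UNSAFE_PERMS $p"; findings=$((findings + 1))
        fi
    done
    # "|| [ -n ... ]" keeps a final line that lacks a trailing newline
    while read -r serial account rest || [ -n "$serial" ]; do
        [ -n "$serial" ] || continue            # skip blank lines
        key="$dir/keys/$serial"
        if [ -z "$account" ]; then
            echo "NO_ACCOUNT $serial"; findings=$((findings + 1))
        fi
        if [ ! -s "$key" ]; then
            # absent, or left empty by a failed "poldi-ctrl -k > file"
            echo "MISSING_OR_EMPTY_KEY $serial"; findings=$((findings + 1))
        elif unsafe_perms "$key" "$owner"; then
            echo "UNSAFE_PERMS $key"; findings=$((findings + 1))
        fi
    done < "$dir/users"
    [ "$findings" -eq 0 ]
}
```

Run it as `poldi_localdb_audit /etc/poldi/localdb root` after sourcing the file; a user-owned key file is reported as UNSAFE_PERMS.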