OpenPGP card and poldi-ctrl

Alphazo alphazo at gmail.com
Sat Nov 27 08:31:13 CET 2010


Hi Markus,

Poldi tutorials are outdated. The new version is configured
differently. Poldi 0.4.1 works flawlessly with my Cryptostick token (OpenPGP
card V2) for PAM authentication.

I used the default /etc/poldi/poldi.conf:

    auth-method localdb
    log-file /var/log/poldi.log
    debug
    scdaemon-program /usr/bin/scdaemon

Added one line to /etc/poldi/localdb/users with CryptoStick's serial number
(get it from gpg --card-status | grep Application):

    D1234678912346789123467891234678 alpha

And then dumped the public key from my Cryptostick into poldi local db:

    sudo poldi-ctrl -k > /etc/poldi/localdb/keys/D1234678912346789123467891234678

The rest is pretty standard as it requires modifying PAM configuration
files. I keep the possibility to log in with password for the moment so I
just added in /etc/pam.d/gdm   /etc/pam.d/login   /etc/pam.d/sudo
/etc/pam.d/gnome-screensaver:

    auth        sufficient    pam_poldi.so

That's it really!

One more thing, for better stability I recommend disabling the opensc daemon
when using Cryptostick. I had it enabled because I was playing with a
PKCS#11 token and got all sorts of problems. I also had the opensc-pkcs11.so
module loaded in Thunderbird that had a tendency to restart opensc daemon
also. So best is to disable it too.
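
A consistency check for the localdb setup described in the message above, as an added example that is not part of the original post or of Poldi itself. It assumes each line of the users file is "<serial> <username>" and that keys/<serial> holds the poldi-ctrl -k output, as in the post; the function name check_poldi_localdb is hypothetical.

```shell
#!/bin/sh
# Added example: audit a Poldi localdb laid out as in the post above.
# Assumptions: each line of users is "<serial> <username>" and keys/<serial>
# holds the output of 'poldi-ctrl -k'. The function name is hypothetical.

# Prints one finding per line; returns 0 when the localdb is consistent.
check_poldi_localdb() {
    db=$1
    findings=0
    report() { printf '%s\n' "$1"; findings=$((findings + 1)); }

    [ -r "$db/users" ] || { report "cannot read $db/users"; return 1; }

    while read -r serial user rest; do
        [ -n "$serial" ] || continue    # skip blank lines
        case $serial in
            *[!0-9A-Fa-f]*) report "serial is not hex: $serial"; continue ;;
        esac
        # The sample serial in the post is 32 hex digits long.
        [ "${#serial}" -eq 32 ] || report "serial is not 32 digits: $serial"
        [ -n "$user" ] || report "no username for $serial"

        key="$db/keys/$serial"
        if [ ! -e "$key" ]; then
            report "no key file for $serial ($user)"
        elif [ ! -s "$key" ]; then
            # A failed 'poldi-ctrl -k > file' still leaves an empty file behind.
            report "empty key file for $serial ($user)"
        elif [ -n "$(find "$key" -perm -0002)" ]; then
            # The key file decides which card key is trusted: root-only writes.
            report "key file is world-writable: $key"
        fi
    done < "$db/users"

    [ "$findings" -eq 0 ]
}

# Run against a directory given on the command line, e.g. /etc/poldi/localdb.
[ "$#" -eq 0 ] || check_poldi_localdb "$1"
```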