Using GnuPG when switching users

Dan Horne dan.horne at redbone.co.nz
Wed Jan 31 21:22:15 CET 2018


I'd love to have gone to 2.2 but getting GnuPG to work on Solaris is
extremely difficult. We tried compiling from source, but hit several
roadblocks. Looking online, several others have reported the same issues,
but have had no resolution. I messaged this group, but unfortunately, none
of the suggestions worked.

In the end, our admins found an old packaged version of v2 on an open
source for Solaris repository. The workaround was to make the virtual
device terminal of the original user accessible to the su user who was
creating the keys. This is a security hole that we're not happy with, but
it was only temporary as we don't require an interactive passphrase
following key creation.

On 1 February 2018 at 05:00, Daniel Kahn Gillmor <dkg at fifthhorseman.net>
wrote:

> On Mon 2018-01-29 15:44:56 +1300, Dan Horne wrote:
> > Has someone got a workaround? I need to be able to use "su" as we are not
> > allowed to log into the user directly. I'm also stuck with Solaris and the
> > specified version of GnuPG
>
> The problem you're running into is that pinentry is unable to prompt you
> for a password.
>
> As a workaround, you could create your own pinentry that provides a
> password, or that can prompt you in some other way.  You might be
> interested in some dummy pinentry implementations:
>
>    https://dev.gnupg.org/source/gnupg/browse/master/tests/fake-pinentries/
>
> For an actual fix, you've got quite a set of constraints here, and they
> might just mean that you cannot solve the problem without a workaround.
>
> Please note that the 2.0.x branch of GnuPG is no longer supported by the
> project.
>
> I *strongly* recommend that you try to get the 2.2.* branch installed
> and then you'll be able to use the loopback pinentry-mode.  And you'll
> be running supported software.
>
>     --dkg
>
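
The message above calls the opened terminal device a temporary security hole. The following is an added example, not part of the original message, of how to check that such a device has been closed again and how to tighten it. It assumes access was granted through ordinary file mode bits rather than ACLs or a change of ownership, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a terminal device after a temporary "open the tty to
# the su user" workaround, then revoke the extra access.
# Assumption: access was granted with chmod (mode bits), not ACLs or chown.
# The mode is parsed from `ls -ld` because Solaris has no stat(1).

# Print the nine permission characters (rwxrwxrwx form) of a path.
tty_perms() {
    ls -ld "$1" | cut -c2-10
}

# Return 0 if the group can read the device or "other" can read or write it,
# 1 if not, 2 if the path does not exist. Anyone who can read the device can
# read what is typed there, including a passphrase. Group write alone
# (mode 620, used by write(1)) is treated as the normal default.
tty_exposed() {
    [ -e "$1" ] || return 2
    perms=$(tty_perms "$1")
    group_r=$(printf '%s' "$perms" | cut -c4)
    other_rw=$(printf '%s' "$perms" | cut -c7-8)
    [ "$group_r" = "r" ] || [ "$other_rw" != "--" ]
}

# Revoke group read and all "other" access, then confirm the result.
tty_lock_down() {
    chmod g-r,o-rwx "$1" || return 2
    ! tty_exposed "$1"
}

# Stand-alone use: check the current terminal, if there is one.
if dev=$(tty 2>/dev/null); then
    if tty_exposed "$dev"; then
        echo "WARNING: $dev is accessible beyond its owner: $(tty_perms "$dev")"
    else
        echo "OK: $dev permissions are $(tty_perms "$dev")"
    fi
fi
```

Run it as the original login user once key creation has finished; `tty_lock_down "$(tty)"` removes the extra access if the warning appears.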