On Thu, Feb 23, 2006 at 01:04:10AM +0100, Walter Haidinger wrote:
> On Wed, 22 Feb 2006, David Shaw wrote:
> > Are you looking for a remote keyring?
> > That's slightly different than a keyserver, or at least the thing
> > that GnuPG calls a keyserver.
>
> Now that you mention it: actually yes, for private keys. I've not done
> any research about that yet. Just came to my mind during the discussion
> in this thread.
> Does GnuPG support remote keyrings?

No, unless it's via a remote filesystem (NFS, SMB, some magic with fuse, etc).

> > This is just for testing though - the actual feature needs a little
> > more work before 1.4.3 release - the binddn and bindpw is global for
> > all keyservers, so if someone selects a different ldap keyserver
> > without removing the binddn and bindpw, they likely will be refused
> > (bad password). This can happen automatically with keyserver URLs.
> > What is really needed is a .netrc-style "ldap-password" file that
> > contains binddn and bindpw for different machines.
>
> This is a general limitation, not to be solved by the ldap code,
> IMHO. AFAIK, 1.4.2 only supports a single keyserver, right?
> Therefore, any keyserver options apply to the one set. There should
> be a mechanism to specify multiple keyservers, each with its own
> option set, binddn and bindpw just being one of them.

I'm not sure I agree with this. GnuPG does support multiple keyservers in the sense that it handles preferred keyserver records on keys, as well as the new auto-key-locate feature. All of these have the same set of options, as keyserver options are not per-keyserver. They're not "options for keyserver x" - they are "options that pertain to keyservers". For example, "auto-key-retrieve" is not meaningful except in the general sense. Until yesterday, in fact, when I added binddn and bindpw, all the options were not meaningful except in the general sense.

I think the right place for the solution is in gpgkeys_ldap itself. Certainly, HTTP, FTP, and HKP have no notion of a DN to bind to.

David