On Tue 2015-09-22 11:13:38 -0400, SGT. Garcia wrote:
> been looking for a solution to get gpg dance nicely with pam in the sense that
> once a user authenticated in keychain is unlocked. that is to have one central
> authentication that lasts for the duration of the user's session.

You might be interested in libpam-poldi:

  http://www.g10code.com/p-poldi.html

I'm not sure if it meets your particular goals/use cases, though.

There are some conceptual caveats to what you're proposing:

Note that a user's GnuPG secret keyring potentially contains multiple
secret keys, and each secret key could be encrypted with a different
password. Which secret key would need to be decrypted to make that work?

Potentially even scarier, if i can convince you to import key material,
i could give you a secret key that is set with a passphrase that i know.
Once you've done that, if the PAM module allows me to connect if i can
unlock any key, then i could use it to unlock your account!

You could also consider a more integrated desktop environment like
GNOME, which has a single keyring/password manager that is integrated
with account login. GNOME's keyring can be used to also talk to
gpg-agent if both tools are configured to do so.

hth,

        --dkg