Start
Products
GnuPG
GEAM
GPGME
Libgcrypt
GNU TLS
KSBA
GPGSM
GPGol
Smartcard
SFSV
Poldi
Support
Consulting
Contact
->deutsch
|
Poldi is a PAM module implementing challenge/response based
authentication through
the OpenPGP smartcard.
It makes use of several GnuPG components (Libgcrypt, Assuan, Scdaemon,
Dirmngr) and currently supports two authentication methods:
- local-database:
This method establishs the mapping between user accounts and
smartcards through a locally administered database.
- X509:
This method uses the PKI infrastructure provided by Dirmngr for
validating certificates. OpenPGP smartcards are associated with X509
certificates through the smartcard's ``url'' field; the user account
name to use for authentication is extracted from the certificate.
Latest released version of Poldi is 0.4. Please note that this
version is still considered experimental.
Download
Latest source tarballs including digital signatures are available at
our FTP server.
Screenshots
Since Poldi is a PAM module, it's slightly misleading to speak of
Poldi screenshots. Instead we have screenshots of PAM-enabled
applications that are configured to use Poldi.
Installation
Installation instructions are contained in the Poldi manual, which is
distributed in the Poldi source code package.
Known Problems
It seems there are some problems with SCDaemon in respect to card
re-insertion. This needs to be debugged.
Bug reports
Please use the GnuPG bug tracker at
bugs.gnupg.org and the category
"poldi". If you want to discuss a problem first the
gnupg-devel
mailing list is the right place.
Development
Frequently asked questions
(No, until now these questions have not been asked on a frequently
basis. But still I can imagine them to be asked, therefore they are
listed here.)
- Why is it called "Poldi"?
Poldi is named after the dragon in the old children television series
named "Hallo Spencer". For now special reason.
- Does it work?
Yes. It seems there are some quirks in respect to SCDaemon, but they
will probably be fixed rather soon.
- It seems it doesn't work with every PAM-enabled application!
Well, sadly there are some applications which do not have a decent PAM
integration. For example, they assume that authentication does always
mean username/password authentication. This is wrong and exactly the
reason for the development of PAM. If it seems that this is the
problem with your application it might make sense to contact the
developers of that application.
|