Poldi

Poldi is a PAM module implementing challenge/response based authentication through the OpenPGP smartcard. It makes use of several GnuPG components (Libgcrypt, Assuan, Scdaemon, Dirmngr) and currently supports two authentication methods:

  • local-database:
    This method establishes the mapping between user accounts and smartcards through a locally administered database.
  • X509:
    This method uses the PKI provided by Dirmngr for validating certificates. OpenPGP smartcards are associated with X509 certificates through the smartcard's "url" field; the user account name to use for authentication is extracted from the certificate.

The latest released version of Poldi is 0.4. Please note that this version is still considered experimental.

Download

The latest source tarballs, including digital signatures, are available at our FTP server.

Screenshots

Since Poldi is a PAM module, it's slightly misleading to speak of Poldi screenshots. Instead we have screenshots of PAM-enabled applications that are configured to use Poldi.
[Screenshots: GDM using Poldi; su using Poldi]

Installation

Installation instructions are contained in the Poldi manual, which is distributed in the Poldi source code package.

Known Problems

There seem to be some problems with SCDaemon with respect to card re-insertion. This needs to be debugged.

Bug reports

Please use the GnuPG bug tracker at bugs.gnupg.org and the category "poldi". If you want to discuss a problem first, the gnupg-devel mailing list is the right place.

Development

  • You may view the Subversion repository online at cvs.gnupg.org.
  • Check out the development trunk from the Subversion repository using the command:
    svn co svn://cvs.gnupg.org/poldi/trunk poldi-trunk
    

Frequently asked questions

(No, until now these questions have not been asked on a frequent basis. But I can still imagine them being asked, therefore they are listed here.)

  • Why is it called "Poldi"?
    Poldi is named after the dragon in the old children's television series "Hallo Spencer". For no special reason.
  • Does it work?
    Yes. There seem to be some quirks with respect to SCDaemon, but they will probably be fixed rather soon.
  • It seems it doesn't work with every PAM-enabled application!
    Well, sadly there are some applications which do not have a decent PAM integration. For example, they assume that authentication always means username/password authentication. This is wrong, and it is exactly the reason PAM was developed. If this seems to be the problem with your application, it might make sense to contact the developers of that application.

Copyright (C) 2003, 2005 g10 Code GmbH, Erkrath-Hochdahl.
Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.