On Oct 14, 2013, Michael Rash wrote:

> On Oct 14, 2013, Damien Stuart wrote:
> 
> > Tim,
> > 
> > Presently,  gpgme (as used by libfko), needs gpg1 as gpg2 does not support 
> > taking passwords non-interactively via gpgme.
> 
> Hmm, I wonder if it might work if the passphrase were removed from the gpg
> key on the server side, and then setting GPG_ALLOW_NO_PW?:
> 
> https://github.com/mrash/fwknop/blob/master/ChangeLog#L243
> 
> I'm hoping to do some testing on this later tonight.

Ok, I've done some testing on CentOS 6.4 with gnupg-2.0.14
(and libgcrypt-1.4.5).  As Damien mentioned, gpg2 does not support
non-interactive passwords via gpgme, and the test suite confirms this on
my setup.  Tim, if you run the test suite on your server system as
follows you should see similar output I think (this is from the test/
directory in the fwknop sources):

# ./test-fwknop.pl --enable-all --disable-valgrind --include GPG
<some output removed>
[GPG (no pw)] [client+server] complete cycle (tcp/22 ssh)...........pass (1)
[GPG (no pw)] [client+server] multi gpg-IDs (tcp/22 ssh)............pass (2)
...
[GPG] [client+server] pinentry not required.........................fail (28)

The failed test at the end shows that the local gpg installation
requires pinentry, but the earlier tests show that gpg works fine with
the passphrase removed from the gpg keys.  If you remove the passphrase
from the server key and set GPG_ALLOW_NO_PW in the access.conf file, then I
believe everything should work properly.  I know this probably sounds like a
bad idea, but I'd say this provides a good counterargument:

http://www.gnupg.org/faq/GnuPG-FAQ.html#how-can-i-use-gnupg-in-an-automated-environment

Thanks,

--Mike
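
An added example, not part of the original message or the fwknop sources: a small Python audit of access.conf stanzas that applies the behaviour described in this thread (a passphrase-protected key needs gpg1, a passphrase-less key needs GPG_ALLOW_NO_PW) and, for passphrase-less keys, checks that the keyring directory is closed to group and other. The sample config, key IDs, paths and function names are constructed for illustration, and the permission check is this example's own assumption about what to verify.

```python
import os
import stat

# Constructed sample access.conf; key IDs, passphrase and paths are placeholders.
SAMPLE = """\
SOURCE            ANY
GPG_DECRYPT_ID    AAAA1111
GPG_DECRYPT_PW    examplepassphrase

SOURCE            192.0.2.0/24
GPG_DECRYPT_ID    BBBB2222
GPG_ALLOW_NO_PW   Y
GPG_HOME_DIR      /root/.gnupg-nopw
"""

def parse_stanzas(text):
    """Split access.conf text into dicts; every SOURCE line opens a stanza."""
    stanzas = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].rstrip(":").upper()
        if key == "SOURCE":
            stanzas.append({})
        if stanzas:
            stanzas[-1][key] = parts[1].rstrip(";").strip() if len(parts) > 1 else ""
    return stanzas

def dir_mode(path):
    # Permission bits of path, or None when it cannot be read.
    try:
        return stat.S_IMODE(os.stat(path).st_mode)
    except OSError:
        return None

def audit(stanza, mode_of=dir_mode):
    """Findings for one stanza, following the gpg2 behaviour in this thread."""
    if "GPG_DECRYPT_ID" not in stanza:
        return []  # stanza does not use GnuPG
    if stanza.get("GPG_ALLOW_NO_PW", "N").upper() != "Y":
        return ["key needs a passphrase: use gpg1, gpg2 asks for pinentry"]
    # Without a passphrase, file permissions are what protect the private key.
    mode = mode_of(stanza.get("GPG_HOME_DIR", ""))
    if mode is None:
        return ["cannot check GPG_HOME_DIR permissions"]
    if mode & 0o077:
        return ["GPG_HOME_DIR open to group/other: %03o" % mode]
    return []
```

Calling `audit(s)` for each `s` in `parse_stanzas(open(path).read())` on the server reads the real directory modes; `mode_of` exists only so the check can be exercised without touching the filesystem.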


> Thanks,
> 
> --Mike
> 
> 
> > I recommend trying gpg1.
> > 
> > Regards,
> > 
> > -Damien
> > 
> > 
> > > On Oct 13, 2013, at 11:30 PM, Tim Heckman <[email protected]> 
> > > wrote:
> > > 
> > >> On Oct 13, 2013, Michael Rash wrote:
> > >> 
> > >> Hello Tim,
> > > 
> > > Hey Mike,
> > > 
> > > Thank you for getting back to me. Sorry if my email appears out of
> > > order, clicked "digest" when subscribing to the list so I'm replying
> > > manually.
> > > 
> > >> Looks like the gnupg-2.0.22 release hasn't come through in Ubuntu 13.04
> > >> yet, but I'll upgrade manually in a VM for testing.  Quick question -
> > >> are the gpg/gpgme/fwknop version numbers the same for the fwknop client
> > >> system as well in your setup?  (You mentioned "fwknopd" 2.5.1 above, so
> > >> I'm assuming those version numbers are for the SPA server system.)
> > > 
> > > You are correct that I was providing version numbers of the SPA
> > > server. The local system is OS X 10.8. I'm currently using homebrew to
> > > install gpgme (which is at version 1.4.3 as well). I installed the
> > > MacGPG2 tools for gpg-related things, and that's currently at gpg
> > > version 2.0.20. I can also install gpg1 via homebrew if needed as
> > > well. Also, fwknop is the same version on both systems.
> > > 
> > > fwknop should work properly server-side with gpg2, yes? Is there
> > > anything in particular I should be doing to have it work. Might giving
> > > gpg1 a try give you any valuable information?
> > > 
> > >> This is an opportunity to add a series of new compatibility tests to the
> > >> test suite similar to things like this:
> > >> 
> > >> https://github.com/mrash/fwknop/blob/master/test/tests/rijndael_backwards_compatibility.pl#L94
> > >> 
> > >> I'll get some tests going and report back as soon as I have some
> > >> results.
> > > 
> > > Thanks for taking a look, Mike. Let me know if there's anything else I
> > > can provide.
> > > 
> > > Cheers!
> > > -Tim
> > > 
> > >> Thanks,
> > >> 
> > >> --Mike
> > > 
> > > _______________________________________________
> > > Fwknop-discuss mailing list
> > > [email protected]
> > > https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
> > 