On 02/10/2017 at 16:37, Matthias Apitz wrote:
> On Monday, October 02, 2017 at 01:35:16 p.m. +0200, Franck Routier wrote:
>
>> My problem, in addition to the pin being cached "forever" (as long as
>> the card is inserted, with no time limit), is that when I remove and
>> reinsert the card, it is not recognized unless I restart gpg-agent.
>>
>> So here is what happens:
>>
>> card inserted
>> pam_poldi.so called (sudo) --> PIN requested
>> pam_poldi.so called (sudo) --> no PIN requested
>> pam_poldi.so called (sudo) --> no PIN requested
>> card removed (I don't like to leave my card inserted, with no PIN
>> validation needed!)
>> card inserted --> card not seen (card error,
>> OpenPGP card unavailable)
>> gpgconf --kill gpg-agent --> card seen
>> pam_poldi.so called (sudo) --> PIN requested
>> pam_poldi.so called (sudo) --> no PIN requested
>> etc...
>>
>> Hence my questions:
>> 1) can I force PIN for authentication each time I use it (it seems that
>> the forcesig option is for signature only, not for authentication)
>> 2) what can I do to have my card recognized on reinsert, without
>> resorting to killing gpg-agent
>> --> probably with some scd-event magic that's beyond my know-how for
>> now...
>
> I'm using the attached 'scd-event' script to lock my display on card
> removal and to unlock it on card-insert. The real work in the script is
> at line 107++
>
> Maybe it can serve you a bit.
>
> matthias

Thanks Matthias for the input.

I couldn't make the 'remove card' event trigger anything... (with NOCARD status).

After browsing the internet a bit more, I finally tried to install pcscd and tell scdaemon not to use its internal CCID implementation, and this worked...

It also solves my other problem (PIN code being cached "forever"), as I suppose pcscd reinitializes the card state after some time.

So this is solved for me, by using pcscd.

Thanks again,
Franck
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
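The change described in the message above (routing scdaemon through pcscd instead of its internal CCID driver) is normally made with scdaemon's `disable-ccid` option. The following is an added example, not part of the thread: the function names and the `--apply` switch are hypothetical, and the `scdaemon.conf` location under `$GNUPGHOME` or `~/.gnupg` is assumed to be the default.

```shell
#!/bin/sh
# Added example (not from the thread): idempotently enable "disable-ccid"
# in scdaemon.conf so that scdaemon talks to the reader through pcscd.

# Return 0 if an active (uncommented) disable-ccid line is present.
scd_uses_pcsc() {
    [ -f "$1" ] && grep -Eq '^[[:space:]]*disable-ccid[[:space:]]*$' "$1"
}

# Append disable-ccid unless it is already active; prints "present" or "added".
ensure_disable_ccid() {
    conf=$1
    if scd_uses_pcsc "$conf"; then
        echo "present"
        return 0
    fi
    # Create the directory and file with owner-only permissions if missing.
    ( umask 077; mkdir -p "$(dirname "$conf")"; touch "$conf" )
    # Make sure the last existing line is newline-terminated before appending.
    if [ -s "$conf" ] && [ "$(tail -c 1 "$conf" | wc -l)" -eq 0 ]; then
        echo >> "$conf"
    fi
    echo "disable-ccid" >> "$conf"
    echo "added"
}

# Only touch the real configuration when called with --apply (hypothetical switch).
if [ "${1:-}" = "--apply" ]; then
    conf="${GNUPGHOME:-$HOME/.gnupg}/scdaemon.conf"
    ensure_disable_ccid "$conf"
    # Without a running pcscd, scdaemon will no longer see any reader.
    pgrep -x pcscd >/dev/null || echo "warning: pcscd is not running" >&2
    # Restart the agent (and with it scdaemon) so the new option takes effect.
    gpgconf --kill gpg-agent
fi
```

Run it with `--apply` as the user who owns the GnuPG home directory; a commented-out `# disable-ccid` line is treated as inactive and left in place.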