Hi Markus,

What you are seeing with gnome-keyring is normal. The database of gnome-keyring is encrypted with a password that is usually the same as the login password. Therefore when you log in with a password, your gnome-keyring database gets automatically decrypted and you can access your WPA-protected Wifi network (if using network-manager) without entering any additional password. Now when you log in with an OpenPGP card, you can no longer decrypt the gnome-keyring database. I haven't found a practical way to avoid that. One alternative could be to use an encrypted space (truecrypt/encfs...) to store the gnome-keyring database and other home related information and therefore get rid of the gnome-keyring password. But you will still have to enter a password to unlock this encrypted space ;(

Alphazo

On Sun, Dec 12, 2010 at 6:10 PM, Markus Krainz <[email protected]> wrote:
> Hi Alphazo,
>
> thanks for this great howto. I got it working right away.
> Where I still have problems: The gnome-keyring (seahorse) still demands
> the user password. Also I often have to unplug and replug the reader to
> authenticate. This works, but it is very inconvenient.
>
> Regards,
> Markus
>
> On 2010-11-27 08:31, wrote:
> > Hi Markus,
> >
> > Poldi tutorials are outdated. The new version is configured
> > differently. Poldi 0.4.1 works flawlessly with my Cryptostick token
> > (OpenPGP card V2) for PAM authentication.
> >
> > I used the default /etc/poldi/poldi.conf:
> >
> >     auth-method localdb
> >     log-file /var/log/poldi.log
> >     debug
> >     scdaemon-program /usr/bin/scdaemon
> >
> > Added one line to /etc/poldi/localdb/users with CryptoStick's serial
> > number (get it from gpg --card-status | grep Application):
> >
> >     D1234678912346789123467891234678 alpha
> >
> > And then dumped the public key from my Cryptostick into poldi local db
> > (the redirection has to run as root too, hence sh -c):
> >
> >     sudo sh -c 'poldi-ctrl -k > /etc/poldi/localdb/keys/D1234678912346789123467891234678'
> >
> > The rest is pretty standard as it requires modifying the pam
> > configuration files. I keep the possibility to log in with password for
> > the moment so I just added in /etc/pam.d/gdm /etc/pam.d/login
> > /etc/pam.d/sudo /etc/pam.d/gnome-screensaver:
> >
> >     auth sufficient pam_poldi.so
> >
> > That's it really!
> >
> > One more thing, for better stability I recommend disabling the opensc
> > daemon when using Cryptostick. I had it enabled because I was playing
> > with a PKCS#11 token and got all sorts of problems. I also had the
> > opensc-pkcs11.so module loaded in Thunderbird that had a tendency to
> > restart the opensc daemon also. So best is to disable it too.
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
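
The localdb layout described in the quoted howto, turned into a consistency check. This is an added example, not part of the thread and not shipped with Poldi. It assumes that users holds "<serial> <username>" lines and that keys/<serial> holds the matching public key; the function name, the "bob" entry and the key contents are constructed.

```shell
#!/bin/sh
# Added example: consistency check for a Poldi localdb directory.
# Assumed layout (taken from the thread): <dir>/users has "<serial> <username>"
# lines, and <dir>/keys/<serial> holds that card's public key.

check_poldi_localdb() {
    db=$1
    problems=0
    [ -r "$db/users" ] || { echo "missing $db/users"; return 2; }
    # "|| [ -n ... ]" keeps a last line that has no trailing newline.
    while read -r serial user _ || [ -n "$serial" ]; do
        [ -n "$serial" ] || continue              # skip blank lines
        key="$db/keys/$serial"
        if [ -z "$user" ]; then
            echo "serial $serial is mapped to no user"
            problems=$((problems + 1))
        elif [ ! -s "$key" ]; then
            echo "user $user: key file $key is missing or empty"
            problems=$((problems + 1))
        elif [ -n "$(find "$key" -perm -002)" ]; then
            # Whoever can rewrite the stored key can substitute their own card.
            echo "user $user: key file $key is world-writable"
            problems=$((problems + 1))
        fi
    done < "$db/users"
    # Key files that no users entry refers to.
    for key in "$db"/keys/*; do
        [ -e "$key" ] || continue
        grep -q "^$(basename "$key")[[:space:]]" "$db/users" || {
            echo "orphan key file $key"
            problems=$((problems + 1))
        }
    done
    [ "$problems" -eq 0 ]
}

# Constructed sample: "alpha" has a key, "bob" (made-up entry) does not.
demo=$(mktemp -d) && mkdir "$demo/keys"
printf '%s\n' 'D1234678912346789123467891234678 alpha' \
              'D0000000000000000000000000000002 bob' > "$demo/users"
echo 'constructed key material' > "$demo/keys/D1234678912346789123467891234678"
check_poldi_localdb "$demo" || echo "localdb has problems"
rm -rf "$demo"
```

To check a real installation, call check_poldi_localdb /etc/poldi/localdb as a user who can read that directory.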
