poldi: [PATCH] Add option 'killscd'.
NIIBE Yutaka
gniibe at fsij.org
Mon Mar 2 05:55:06 CET 2020
Ben Kibbey <bjk at luxsci.net> wrote:
> According to the manual page of scdaemon, when 'card-timeout' is
> non-zero in /etc/poldi/scdaemon.conf the card should be powered down
> after the next timer tick.
Yes. The option is deprecated. I pushed the change to the manual in
master; perhaps I need to apply the change to 2.2, too.
> This doesn't seem to work: I can lock my X session, then unlock it
> without the PIN of the card. I am using xlockmore as the screen
> locker.
IIUC, a single process of xlockmore keeps running under a user's
session. If so, the behaviour can be explained.
> The attached patch fixes things by sending KILLSCD to scdaemon when
> 'killscd' is set in /etc/poldi/poldi.conf.
I see your intention of killing scdaemon. But, I'm afraid if it really
matches (a typical) expected behaviour with screen locker / sudo.
I think that the card should reset (to nullify existing verification
status) _before_ poldi tries to use it for the authentication. And
after unlocking a screen, it is OK (or good) to keep the card's verification
status; a user can use the card for SSH with no further verification.