author | fpi | 2021-01-31 15:09:32 +0100 |
---|---|---|
committer | fpi | 2021-01-31 16:56:19 +0100 |
commit | e57df7a5e6950f00a4f3581bc914705d2132d499 (patch) | |
tree | b5ea7c700a255f50c59b015c29a6c06ea97e36c6 | |
parent | Set a default ttl and decrease max ttl (diff) |
Add pam-gnupg to unlock gpg/ssh keys after login
-rw-r--r-- | gpg-agent.org | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/gpg-agent.org b/gpg-agent.org index 75493fa..51f6cec 100644 --- a/gpg-agent.org +++ b/gpg-agent.org @@ -3,6 +3,7 @@ #+BEGIN_SRC sh :tangle tangle/symlink.sh :results silent :shebang "#!/bin/bash" ln -siv $(pwd)/tangle/gpg-agent.conf ~/.gnupg/gpg-agent.conf ln -siv $(pwd)/tangle/sshcontrol ~/.gnupg/sshcontrol +ln -siv $(pwd)/tangle/pam-gnupg ~/.config/pam-gnupg #+END_SRC @@ -25,6 +26,26 @@ allow-loopback-pinentry enable-ssh-support #+end_src -#+begin_src conf :tangle tangle/sshcontrol +#+begin_src conf :tangle tangle/sshcontrol :comments no +4AFDEF6B35160F892F61666CE891B2456D755807 +#+end_src +* Unlocking upon login + +[[https://github.com/cruegge/pam-gnupg][pam-gnupg]] is an alternative to =gnome-keyring= to unlock gpg keys upon login. This only works when user and gpg key share the same passphrase. + +Start it by adding this to the relevant login pam files (in =/etc/pam.d=). +#+begin_src conf :tangle no +auth optional pam_gnupg.so store-only +session optional pam_gnupg.so +#+end_src +Allow preset passphrases for =pam-gnupg=. +#+begin_src conf +allow-preset-passphrase +#+end_src + + +The =pam-gnupg= config file only contains a list of keygrips of keys you want to unlock upon login. It works for both gpg and ssh keys. +#+begin_src conf :tangle tangle/pam-gnupg :comments no +DE37E13DE16DB3219D74410F4C20021624CC19E3 4AFDEF6B35160F892F61666CE891B2456D755807 #+end_src |
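Review bot: The added `ln -siv $(pwd)/tangle/pam-gnupg ~/.config/pam-gnupg` assumes `~/.config` already exists, so on a fresh account the link fails and no keygrip list is installed. Put `mkdir -p ~/.config` before it. Like the two lines above it, it also leaves the command substitution unquoted, which breaks when the checkout path contains a space; `ln -siv "$(pwd)/tangle/pam-gnupg" ~/.config/pam-gnupg` avoids that.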
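Review bot: The `allow-preset-passphrase` block opens with a bare `#+begin_src conf`, while every other block in this hunk names its `:tangle` target. Unless a file-level `header-args` default outside the hunk covers it, the option never reaches `tangle/gpg-agent.conf` and the agent will refuse the preset; spell it out as `#+begin_src conf :tangle tangle/gpg-agent.conf`. The prose should also say what the shared passphrase implies: the login password becomes the only secret guarding every keygrip listed in `tangle/pam-gnupg`, and those keys stay unlocked in the agent from login onward. They presumably stay unlocked only up to the max ttl that the parent commit lowered, so a note on how the two settings interact would help. For the ssh key, a `confirm` flag on its `sshcontrol` line would keep a per-use prompt even while the passphrase is cached.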