This page is heavily out of date - please check out gnupg.org for maintained
Poldi is a PAM module implementing challenge/response based
the OpenPGP smartcard.
It makes use of several GnuPG components (Libgcrypt, Assuan, Scdaemon,
Dirmngr) and currently supports two authentication methods:
Latest released version of Poldi is 0.4. Please note that this
version is still considered experimental.
This method establishs the mapping between user accounts and
smartcards through a locally administered database.
This method uses the PKI infrastructure provided by Dirmngr for
validating certificates. OpenPGP smartcards are associated with X509
certificates through the smartcard's ``url'' field; the user account
name to use for authentication is extracted from the certificate.
Latest source tarballs including digital signatures are available at
our FTP server.
Since Poldi is a PAM module, it's slightly misleading to speak of
Poldi screenshots. Instead we have screenshots of PAM-enabled
applications that are configured to use Poldi.
Installation instructions are contained in the Poldi manual, which is
distributed in the Poldi source code package.
It seems there are some problems with SCDaemon in respect to card
re-insertion. This needs to be debugged.
Please use the GnuPG bug tracker at
bugs.gnupg.org and the category
"poldi". If you want to discuss a problem first the
mailing list is the right place.
Frequently asked questions
(No, until now these questions have not been asked on a frequently
basis. But still I can imagine them to be asked, therefore they are
- Why is it called "Poldi"?
Poldi is named after the dragon in the old children television series
named "Hallo Spencer". For now special reason.
- Does it work?
Yes. It seems there are some quirks in respect to SCDaemon, but they
will probably be fixed rather soon.
- It seems it doesn't work with every PAM-enabled application!
Well, sadly there are some applications which do not have a decent PAM
integration. For example, they assume that authentication does always
mean username/password authentication. This is wrong and exactly the
reason for the development of PAM. If it seems that this is the
problem with your application it might make sense to contact the
developers of that application.