3 The "allowed" configuration parameter now works in a data file section
4 and is a list of local user or group names allowed to open the data
5 file. The OPEN, CLEARCACHE and CACHETIMEOUT commands make use of
6 this. This also adds a deny flag '-' to a user or group name.
8 Fixed the cache timer to expire deferred cache entries. No longer need
9 to wait for the next OPEN or SAVE command.
11 Make use of the --no-passphrase option for non-PKI data files. This
12 adds the --no-passphrase option to the PASSWD command.
14 Show a backtrace on SIGABRT.
19 Fix crash when checking the cache status of a new file.
21 Set the default cache_timeout configuration parameter to 600.
23 Set the default keepalive_interval to 60.
25 Fix SAVE not caching new files.
30 This version contains quite a few changes and enhancements. Most
31 commands and syntax have changed in this release so please read the
32 example configuration file and the html or texinfo documentation in
35 You will need to convert your existing pwmd v2.x data file to the new
36 data file format by doing the following:
38 $ pwmd --convert datafile -o newfile
40 then place "newfile" in ~/.pwmd/data. If you built with gpg-agent
41 support by passing --enable-agent to configure, then append
42 --use-agent to the above command line to use the gpg-agent to generate
43 a public and private keypair. No keypair is generated by default; the
44 data file is symmetrically encrypted.
46 Pwmd now supports the use of the gpg-agent for passphrase caching and
47 key management. This means smartcards are also supported. A "stub" of
48 the secret key is stored in the above mentioned key directory, but the
49 secret portion of the key is stored on the smartcard. To convert your
50 existing data while encrypting to an existing public key, pass the
51 --keygrip option with --convert or --import, along with
52 --use-agent. You may also need to pass the --sign-keygrip, too. See
53 the pwmd manual for details.
55 The XML document is now cached in pwmd when the passphrase is also
56 cached. This is needed to prevent requiring a smartcard to be inserted
57 for each OPEN command although it can still be required by setting the
58 CACHETIMEOUT of a data file to 0. Pwmd will operate on a copy of the
59 cached document and update the cached one after a SAVE. It is also
60 much faster than having to decrypt the data file during each OPEN.
61 The cached document is encrypted to prevent memory grepping attacks.
63 Ported to POSIX threads (pthreads).
66 PWMD_LIBXML_ERROR -> GPG_ERR_BAD_DATA
67 PWMD_NO_FILE -> GPG_ERR_INV_STATE
68 PWMD_FILE_MODIFIED -> GPG_ERR_CHECKSUM
70 Most commands now have an --inquire option to retrieve remaining
71 non-option arguments via a server inquire. This avoids the libassuan
72 line length limit for longer element paths.
74 Added the PASSWD command to change the passphrase of a secret key or a
75 symmetrically encrypted key (SAVE --no-agent).
77 The IMPORT command can now import siblings.
79 Added the AGENT command to send a command directly to gpg-agent.
81 Added the GETINFO command to retrieve server details. This removes the
82 VERSION and GETPID commands.
84 Removed the CONFIG and KEEPALIVE status messages.
86 Added the NEWFILE status message to determine when the file OPEN'ed is
89 Added ISCACHED --lock to lock the file mutex. This doesn't require an
90 OPEN'd file. It was added to prevent a race condition with another
91 client accessing the same file when one client needed to determine the
92 cache status before the OPEN.
94 Texinfo documentation and the manual page is generated from the
97 Commands that normally returned GPG_ERR_NO_VALUE now return
100 The --iterations command line, configuration and SAVE options have
101 been renamed to "s2k-count". The PASSWD command can be used to change
102 this value for an existing secret key.
104 The CLEARCACHE command returns an error when the file mutex associated
105 with the data file is locked by another client. Although an error is
106 returned the cached file is flagged for cache removal which will occur
107 when the data file mutex is released.
109 Added LIST --all to retrieve the entire element tree. Flags are
110 appended to each element path when this option is used. See the
111 documentation for details.
113 The checksum is now a CRC32 checksum rather than a stat() of the ctime
116 Can now listen for remote connections via TLS (IPv4 and IPv6) as well
117 as the local UNIX domain socket.
119 Added tests. Run them with 'make tests' in the tests/ directory.
121 More portable: *BSD, SunOS/Solaris/OpenSolaris, Android and Linux and
122 32 and 64 bit versions of these as well as little and big endian.
124 Removed the libglib-2.0 dependency.