3 Write a PID file upon startup to detect a stale socket when running another
6 Bind to the local socket before doing cache pushing.
8 Added command line option --force as an alias to --ignore.
10 Fixed a few cppcheck(1) warnings.
12 Fixed a bug that ignored the return value from launch_pinentry().
14 Added configuration parameter "log_keepopen" for use when logging to a file.
19 More strict element and attribute names. Conform to the XML naming spec.
21 Log any non-fatal XML error. These may occur when loading or parsing
26 Set XML standalone mode; and UTF-8 encoding explicitly (the default).
31 A few "target" attribute fixes.
33 Updated Debian packaging stuff. Try 'make deb'.
38 Fixed the PASSWD command requiring a passphrase for a non-PKI data file
41 Fixed a few memory leaks.
43 The 'OPTION disable-pinentry' now resets the gpg-agent '--pinentry-mode'
46 Fixed new non-PKI data file cache entry getting cleared during SAVE.
48 The CLEARCACHE and CACHETIMEOUT commands now make use of the
49 "tls_access" configuration parameter in a data file section like the
50 OPEN command does. Also added a "-" flag to the fingerprint which
51 behaves like the "!" flag.
56 The "allowed" configuration parameter now works in a data file section
57 and is a list of local user or group names allowed to open the data
58 file. The OPEN, CLEARCACHE and CACHETIMEOUT commands make use of
59 this. This also adds a deny flag '-' to a user or group name.
61 Fixed the cache timer to expire deferred cache entries. No longer need
62 to wait for the next OPEN or SAVE command.
64 Make use of the --no-passphrase option for non-PKI data files. This
65 adds the --no-passphrase option to the PASSWD command.
67 Show a backtrace on SIGABRT.
72 Fix crash when checking the cache status of a new file.
74 Set the default cache_timeout configuration parameter to 600.
76 Set the default keepalive_interval to 60.
78 Fix SAVE not caching new files.
83 This version contains quite a few changes and enhancements. Most
84 commands and syntax have changed in this release so please read the
85 example configuration file and the html or texinfo documentation in
88 You will need to convert your existing pwmd v2.x data file to the new
89 data file format by doing the following:
91 $ pwmd --convert datafile -o newfile
93 then place "newfile" in ~/.pwmd/data. If you built with gpg-agent
94 support by passing --enable-agent to configure, then append
95 --use-agent to the above command line to use the gpg-agent to generate
96 a public and private keypair. No keypair is generated by default; the
97 data file is symmetrically encrypted.
99 Pwmd now supports the use of the gpg-agent for passphrase caching and
100 key management. This means smartcards are also supported. A "stub" of
101 the secret key is stored in the above mentioned key directory, but the
102 secret portion of the key is stored on the smartcard. To convert your
103 existing data while encrypting to an existing public key, pass the
104 --keygrip option with --convert or --import, along with
105 --use-agent. You may also need to pass the --sign-keygrip, too. See
106 the pwmd manual for details.
108 The XML document is now cached in pwmd when the passphrase is also
109 cached. This is needed to prevent requiring a smartcard to be inserted
110 for each OPEN command although it can still be required by setting the
111 CACHETIMEOUT of a data file to 0. Pwmd will operate on a copy of the
112 cached document and update the cached one after a SAVE. It is also
113 much faster than having to decrypt the data file during each OPEN.
114 The cached document is encrypted to prevent memory grepping attacks.
116 Ported to POSIX threads (pthreads).
119 PWMD_LIBXML_ERROR -> GPG_ERR_BAD_DATA
120 PWMD_NO_FILE -> GPG_ERR_INV_STATE
121 PWMD_FILE_MODIFIED -> GPG_ERR_CHECKSUM
123 Most commands now have an --inquire option to retrieve remaining
124 non-option arguments via a server inquire. This avoids the libassuan
125 line length limit for longer element paths.
127 Added the PASSWD command to change the passphrase of a secret key or a
128 symmetrically encrypted key (SAVE --no-agent).
130 The IMPORT command can now import siblings.
132 Added the AGENT command to send a command directly to gpg-agent.
134 Added the GETINFO command to retrieve server details. This removes the
135 VERSION and GETPID commands.
137 Removed the CONFIG and KEEPALIVE status messages.
139 Added the NEWFILE status message to determine when the file OPEN'ed is
142 Added ISCACHED --lock to lock the file mutex. This doesn't require an
143 OPEN'd file. It was added to prevent a race condition with another
144 client accessing the same file when one client needed to determine the
145 cache status before the OPEN.
147 Texinfo documentation and the manual page is generated from the
150 Commands that normally returned GPG_ERR_NO_VALUE now return
153 The --iterations command line, configuration and SAVE options have
154 been renamed to "s2k-count". The PASSWD command can be used to change
155 this value for an existing secret key.
157 The CLEARCACHE command returns an error when the file mutex associated
158 with the data file is locked by another client. Although an error is
159 returned the cached file is flagged for cache removal which will occur
160 when the data file mutex is released.
162 Added LIST --all to retrieve the entire element tree. Flags are
163 appended to each element path when this option is used. See the
164 documentation for details.
166 The checksum is now a CRC32 checksum rather than a stat() of the ctime
169 Can now listen for remote connections via TLS (IPv4 and IPv6) as well
170 as the local UNIX domain socket.
172 Added tests. Run them with 'make tests' in the tests/ directory.
174 More portable: *BSD, SunOS/Solaris/OpenSolaris, Android and Linux and
175 32 and 64 bit versions of these as well as little and big endian.
177 Removed the libglib-2.0 dependency.