1 Password Manager Daemon is a server that provides a way for applications to
2 securely store and retrieve data at a centralized location. The data is stored
3 in an XML file and clients connect and send commands to manipulate the data.
4 Some of the features include:
6 * Multi-threaded. More than one client may access the data at the same
8 * Optional AES256 data file encryption.
9 * A key cache so clients won't need to enter a key each time a file is
11 * Key retrieval via pinentry(1).
12 * Local Unix Domain Socket connections.
13 * IPv4 and IPv6 encrypted connections with file access control.
14 * Configuration file which supports file specific settings including:
15 encryption iterations, cache expiration and encryption key or key file
17 * Compressed data file support.
18 * Logging to file and/or syslog.
19 * Secure memory usage. PWMD will zero out memory before freeing it and
20 also has the option to lock the entire process in RAM to avoid swapping
21 the data to virtual memory.
23 I needed this because I use a few applications that require the same
24 credentials but hate having to update all those configuration files to reflect
25 any changes. This way, there is a central location for the needed data.
30 libpth2 - http://www.gnu.org/software/pth/pth.html
31 Portable multi-threading library.
33 libassuan - http://www.gnupg.org
34 Protocol. Version 1.0.5 or later is required.
36 libgnutls - http://www.gnu.org/software/gnutls
37 Optional unless using --enable-tcp for remote host support.
38 Version 2.6.2 is recommended but not required. This version
39 fixes a security bug when verifying self-signed
42 libgpg-error - http://www.gnupg.org
45 glib2 - http://www.gtk.org
46 Portability library among other things.
48 libxml2 - http://xmlsoft.org
49 For XML parsing and data manipulation.
51 libgcrypt - http://www.gnupg.org
52 Encryption, decryption and hashing.
54 libz - http://www.zlib.net
55 For compressing the data file. Version 1.2.2.1 or later is
58 pinentry - http://www.gnupg.org/aegypten
59 There are various interfaces for password entry:
60 console/curses, X11/GTK2, X11/QT. The X11 versions also
61 support console/curses. Version 0.7.5 or later is required
62 unless --disable-pinentry is passed to ./configure.
64 cracklib2 - http://sourceforge.net/projects/cracklib
65 If --enable-quality is passed to ./configure then a
66 password quality meter is used with pinentry. Optional.
70 There are a few commands that can connect to pwmd either locally or to a
73 socat GOPEN:$HOME/.pwmd/socket -
74 echo command | pwmc filename
75 socat OPENSSL:hostname:6466,cafile=ca-cert.pem,cert=client-cert.pem,\
77 gnutls-cli --x509certfile client-cert.pem --x509keyfile client-key.pem \
78 --x509cafile ca-cert.pem -p 6466 hostname
79 openssl s_client -connect hostname:6466 -cert client-cert.pem \
80 -key client-key.pem -CAfile ca-cert.pem
82 Libpwmd is a library making it easy for applications to use pwmd. There is
83 also a command line pwmd client "pwmc" included. You can find it at the pwmd
84 homepage. There are also some patches already written (some could use
85 improvement) for a few apps too.
87 Read COMMANDS for protocol commands and syntax. Feel free to send me any
88 patches, bug reports or feature requests.
93 There is a public GIT repository available at repo.or.cz. Anonymous checkouts
96 git clone git://repo.or.cz/pwmd.git
98 The gitweb interface can be viewed at http://repo.or.cz/w/pwmd.git.
100 Ben Kibbey <bjk@luxsci.net>
101 http://bjk.sourceforge.net/pwmd/