1 # Example PWMD configuration file. Edit and save to ~/.pwmd/config or
2 # specify with the -f command line option. See the pwmd(1) manual page or the
3 # pwmd.info documentation for complete details of the options.
5 # The global section is for non-file related settings and defaults for data
6 # files without a file section of their own.
9 # Location of the pinentry binary.
10 #pinentry_path=/usr/bin/pinentry
12 # The number of seconds to wait for a pinentry before giving up.
15 # Location of the listening socket.
16 #socket_path=~/.pwmd/socket
18 # Socket permissions. This will override any umask setting.
21 # Usernames or groups obtained via SO_PEERCRED which are allowed to
22 # connect to the socket. Groups should be prefixed with a '@'. When not
23 # specified only the invoking user is allowed.
24 #allowed = username,another_user,@group
26 # When false, disable keeping backups for data files.
32 # Set to true to enable logging to log_path.
35 # Set to true to enable logging to syslog.
38 # The logging level: 0=connections and errors, 1=client commands.
41 # Enable gpg-agent support.
44 # A file containing the environment settings for connecting to gpg-agent.
45 #agent_env_file=/path/to/some/file
47 # Kill the smartcard daemon after each OPEN or SAVE.
50 # Set to false to call mlockall(2) after a client connects. Uses more memory
51 # but is also more secure. Most will probably find it overkill since the
52 # contents of all memory is cleared before being freed.
53 #disable_mlockall=true
55 # Disable the XPATH, LIST and DUMP commands. When "true" and a client sends
56 # these commands the error GPG_ERR_NOT_IMPLEMENTED will be returned.
57 #disable_list_and_dump=false
59 # When sending data to the client an XFER status message will be sent after
60 # N bytes. N is rounded to ASSUAN_LINELENGTH (1002) bytes.
63 # A comma separated list of filenames to add to the file cache upon startup.
64 # You will be prompted for the passphrasefor each file if required. The files
65 # are looked for in ~/.pwmd/data. This also affects rcfile reloading via
67 #cache_push=somefile,anotherfile
69 # The number of seconds to keep a file in the cache. If -1, the file will be
70 # kept forever. If 0 then every OPEN will require a passphrase.
73 # The maximum recursion depth when resolving elements that contain a "target"
74 # attribute. When this value is exceeded an error will be returned.
77 # The priority or nice value of the server process. The default is inherited
78 # from the parent process.
81 # The cipher to use for newly created files.
84 # The number of cipher encryption iterations of the data. This differs from
85 # the s2k_count option (see below) that determines the hash iterations of the
89 # Send a status message to the client after this many encryption/decryption
93 # The key pair algorithm and number of bits to use for newly created files.
97 # The number of passphrase hashing iterations for new files and when changing
98 # the passphrase of a secret key. The default is the calibrated value of the
102 # Whether to enable TCP/TLS server support. If enabled, both TCP and the local
103 # unix domain socket will listen for connections.
106 # If TCP is enabled, the port to listen on.
109 # The network interface to listen on.
112 # The number of seconds to wait for a network read and write to complete
113 # for TLS connections.
116 # A comma separated list of client x509 certificate fingerprints in
117 # SHA-1 format that will be allowed to connect or open a file. See the
118 # documentation for details.
119 #tls_access=ALLOWEDFINGERPRINT,ANOTHERFINGERPRINT
121 # Require the client to provide the key to open a file even if the file is
123 #tcp_require_key=false
125 # The time in tenths of a second to wait for a new TCP connection. Setting to
126 # 0 will disable waiting.
129 # Accept TCP connections from the specified protocol. One of: ipv4, ipv6 or
130 # any. The default is "any".
133 # The GnuTLS cipher suite and protocol to use.
134 #tls_cipher_suite=SECURE256
136 # END GLOBAL SETTINGS
138 # File specific settings are allowed by placing the filename in braces. Each
139 # file can have it's own configuration settings from those listed below.
141 #tls_access=+,!DENIEDFINGERPRINT
144 #passphrase_file=/path/to/file.key