| blob | 5b5e1cf4583aab8dcd4797669a8974c7dfa3bcde |
1 Password Manager Daemon is a server that provides a way for applications to
2 securely store and retrieve data at a centralized location. The data is stored
3 in an XML file and clients connect and send commands to manipulate the data.
4 Some of the features include:
6 * Multi-threaded. More than one client may access the data at the same
7 time.
8 * Optional AES256 data file encryption.
9 * A key cache so clients won't need to enter a key each time a file is
10 opened or saved.
11 * Key retrieval via pinentry(1).
12 * Local Unix Domain Socket connections.
13 * IPv4 and IPv6 encrypted connections via GnuTLS using certificate
14 authentication.
15 * Configuration file which supports file specific settings including:
16 encryption iterations, cache expiration and encryption key or key file
17 and more.
18 * Compressed data file support.
19 * Logging to file and/or syslog.
20 * Secure memory usage. PWMD will zero out memory before freeing it and
21 also has the option to lock the entire process in RAM to avoid swapping
22 the data to virtual memory.
24 I needed this because I use a few applications that require the same
25 credentials but hate having to update all those configuration files to reflect
26 any changes. This way, there is a central location for the needed data.
28 Requirements:
29 -------------
31 libpth2 - http://www.gnu.org/software/pth/pth.html
32 Portable multi-threading library.
34 libgnutls - http://www.gnu.org/software/gnutls
35 Optional unless using --enable-tcp for remote host support.
36 Version 2.6.2 is recommended but not required. This version
37 fixes a security bug when verifying self-signed
38 certificates. Your distribution may have a backported
39 version that includes a fix for this somewhat serious bug.
41 libgpg-error - http://www.gnupg.org
42 Error handling.
44 glib2 - http://www.gtk.org
45 Portability library among other things.
47 libxml2 - http://xmlsoft.org
48 For XML parsing and data manipulation.
50 libgcrypt - http://www.gnupg.org
51 Encryption, decryption and hashing.
53 libz - http://www.zlib.net
54 For compressing the data file. Version 1.2.2.1 or later is
55 required.
57 pinentry - http://www.gnupg.org/aegypten
58 There are various interfaces for password entry:
59 console/curses, X11/GTK2, X11/QT. The X11 versions also
60 support console/curses. Version 0.7.5 or later is required
61 unless --disable-pinentry is passed to ./configure.
63 cracklib2 - http://sourceforge.net/projects/cracklib
64 If --enable-quality is passed to ./configure then a
65 password quality meter is used with pinentry. Optional.
67 libacl - ftp://acl.bestbits.at
68 To retain an ACL for a data file. Optional.
71 Connecting:
72 -----------
73 There are a few commands that can connect to pwmd either locally or to a
74 remote pwmd:
76 socat GOPEN:$HOME/.pwmd/socket -
77 echo command | pwmc filename
78 socat OPENSSL:hostname:6466,cafile=ca-cert.pem,cert=client-cert.pem,\
79 key=client-key.pem -
80 gnutls-cli --x509certfile client-cert.pem --x509keyfile client-key.pem \
81 --x509cafile ca-cert.pem -p 6466 hostname
82 openssl s_client -connect hostname:6466 -cert client-cert.pem \
83 -key client-key.pem -CAfile ca-cert.pem
85 Libpwmd is a library making it easy for applications to use pwmd. There is
86 also a command line pwmd client "pwmc" included. You can find it at the pwmd
87 homepage. There are also some patches already written (some could use
88 improvement) for a few apps too.
91 GIT Repository
92 --------------
93 There is a public GIT repository available at repo.or.cz. Anonymous checkouts
94 can be done by:
96 git clone git://repo.or.cz/pwmd.git
98 The gitweb interface can be viewed at http://repo.or.cz/w/pwmd.git.
101 Read COMMANDS for protocol commands and syntax. Feel free to send me any
102 patches, bug reports or feature requests.
104 Ben Kibbey <bjk@luxsci.net>
105 http://bjk.sourceforge.net/pwmd/