2 # Example PWMD configuration file. Edit and save to ~/.pwmd/config or
3 # specify with the -f command line option.
5 # The global section is for non-file related settings and/or file defaults.
8 # Location of the listening socket.
9 #socket_path=~/.pwmd/socket
11 # Socket permissions. This will override any umask setting.
14 # Where data files will be read and stored.
15 #data_directory=~/.pwmd/data
17 # If false, disable keeping backups for data files.
23 # Set to true to enable logging to log_path.
26 # Set to true to enable logging to syslog.
29 # File and key cache size. Must be in multiples of your systems PAGE_SIZE. The
30 # default below on a x86 Linux system is one page, or 59 files.
33 # Set to false to call mlockall(2) after a client connects. Uses alot more
34 # memory but is also more secure. Most will probably find it overkill since
35 # the contents of all memory is cleared before being freed. Note that this
36 # doesn't affect the file cache which is always stored in RAM (if possible).
37 #disable_mlockall=true
39 # Disable the LIST and DUMP commands. When "true" and a client sends these
40 # commands an error GPG_ERR_NOT_IMPLEMENTED will be returned.
41 #disable_list_and_dump=false
43 # The number of encryption iterations for new files. This is the number of
44 # times the data will be encrypted. Setting this to a high value (10000 or
45 # more, depending on the size of the data file) will slow down dictionary
46 # attacks. Setting to 0 will disable encryption.
49 # After the set number of encryption or decryption iterations have been
50 # processed, a status message with the keyword ENCRYPT or DECRYPT will be
51 # sent to the client. Set to 0 to disable.
54 # A list of filenames separated by commas to add to the file cache upon
55 # startup. You will be prompted for the key for each file if required. The
56 # files are looked for in data_directory.
57 #cache_push=somefile, anotherfile
59 # The number of seconds to keep a file in the cache. If -1, the file will be
60 # kept forever. If 0, then every OPEN and SAVE command will require a key.
63 # Set to false to disable use of pinentry to retrieve keys.
67 # Seconds until the pinentry dialog times out. Set to 0 to wait for input
71 # The default compression level for data files from 1 to 9, 1 being the
72 # fastest but least compression and 9 being the slowest but best compression.
73 # To disable compression entirely, set to 0.
76 # The input and output buffer size when compressing and decompressing. This
77 # affects how often the COMPRESS and DECOMPRESS status messages are sent and
78 # also affects compression quality. Set to a higher value for larger files.
81 # The maximum recursion depth when resolving elements that contain a "target"
82 # attribute. When this value is exceeded an error will be returned.
85 # Sends a KEEPALIVE status message every N seconds. Set to 0 to disable.
88 # The priority or nice value of the server process. The default is inherited
89 # from the parent process.
92 # Whether to enable TCP server support. If enabled, both TCP and the local
93 # unix domain socket will listen for connections.
96 # If TCP is enabled, the port to listen on.
99 # Only useful if running as root.
102 # A comma separated list of client x509 certificate fingerprints in MD5 format
103 # that will be allowed to open a file. If prefixed with !, access is denied
104 # for the connected client. The access control is for filenames and this
105 # option can be in either the global section or a defined filename section. If
106 # not found in either then access will be granted. If defined but empty then
107 # access will be denied.
110 # Require the client to provide the key to open a file even if the file is
112 #tcp_require_key=false
114 # The time in tenths of a second to wait for a new TCP connection. Setting to
115 # 0 will disable waiting.
118 # END GLOBAL SETTINGS
120 # File specific settings are allowed by placing the filename in braces. Each
121 # file can have it's own configuration settings from those listed below.
124 #iteration_progress=0
126 #key_file=/path/to/file.key
128 #enable_pinentry=true
131 #tcp_access=some_md5_hash