[server] Added GPG_ALLOW_NO_PW variable and associated test suite support
author Michael Rash <mbr@cipherdyne.org>
Sat, 11 Aug 2012 01:52:09 +0000 (21:52 -0400)
committer Michael Rash <mbr@cipherdyne.org>
Sat, 11 Aug 2012 02:20:30 +0000 (22:20 -0400)
commit 27ccfe35d36c7ba1d94734fb21a46c77aaf30719
tree 94acfb810ab897c08de20cec7ee857eeb87c7728
parent 0af3bd0ee10768f6838aafe9fdc66187e5be9ee4

For GPG mode, added a new access.conf variable "GPG_ALLOW_NO_PW" to make it
possible to leverage a server-side GPG key pair that has no associated
password.  This comes in handy when a system requires the user to leverage
gpg-agent / pinentry which can present a problem in automated environments as
required by the fwknopd server.  Now, it might seem like a problem to remove
the passphrase from a GPG key pair, but it's important to note that simply
doing this is little worse than storing the passphrase in the clear on disk
anyway in the access.conf file.  Further, this link provides additional
detail:

http://www.gnupg.org/faq/GnuPG-FAQ.html#how-can-i-use-gnupg-in-an-automated-environment
12 files changed:
ChangeLog
Makefile.am
server/access.c
server/incoming_spa.c
test/conf/client-gpg-no-pw/pubring.gpg [new file with mode: 0644]
test/conf/client-gpg-no-pw/secring.gpg [new file with mode: 0644]
test/conf/client-gpg-no-pw/trustdb.gpg [new file with mode: 0644]
test/conf/gpg_no_pw_access.conf [new file with mode: 0644]
test/conf/server-gpg-no-pw/pubring.gpg [new file with mode: 0644]
test/conf/server-gpg-no-pw/secring.gpg [new file with mode: 0644]
test/conf/server-gpg-no-pw/trustdb.gpg [new file with mode: 0644]
test/test-fwknop.pl
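
Added example (not code from this commit or from the fwknop project): the commit message notes that a passphrase-less key is little worse than a passphrase stored in the clear in access.conf, so in both cases file permissions are the real barrier, and this Python check flags stanzas where that barrier is open to group or other. The `KEY value;` line syntax, the `Y` value, and the `GPG_HOME_DIR` and `GPG_DECRYPT_PW` variable names are assumptions not shown on this page; the sample config is constructed.

```python
import os
import stat
import tempfile

def parse_stanzas(text):
    """One dict per stanza; a SOURCE line starts a new stanza."""
    stanzas = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].rstrip(":").upper()
        # Assumed format: "KEY value" with an optional trailing ';'
        val = parts[1].split(";")[0].strip() if len(parts) > 1 else ""
        if key == "SOURCE" or not stanzas:
            stanzas.append({})
        stanzas[-1][key] = val
    return stanzas

def loose(path):
    """True if group or other hold any permission bit on path."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

def audit(conf_path):
    """Report stanzas whose GPG secret is guarded only by lax file modes."""
    with open(conf_path) as fh:
        stanzas = parse_stanzas(fh.read())
    findings = []
    for s in stanzas:
        src, home = s.get("SOURCE", "?"), s.get("GPG_HOME_DIR")
        # Passphrase-less key: the keyring directory is the only barrier.
        if s.get("GPG_ALLOW_NO_PW", "N").upper() == "Y":
            if home and os.path.isdir(home) and loose(home):
                findings.append(f"{src}: {home} open to group/other")
        # Passphrase stored in the clear: access.conf itself is the barrier.
        if "GPG_DECRYPT_PW" in s and loose(conf_path):
            findings.append(f"{src}: passphrase in {conf_path} open to group/other")
    return findings

if __name__ == "__main__":
    # Constructed sample: one stanza of each kind, both with lax modes.
    d = tempfile.mkdtemp()
    home, conf = os.path.join(d, "gnupg"), os.path.join(d, "access.conf")
    os.mkdir(home); os.chmod(home, 0o755)
    with open(conf, "w") as fh:
        fh.write(f"SOURCE ANY;\nGPG_HOME_DIR {home};\nGPG_ALLOW_NO_PW Y;\n"
                 "SOURCE 192.0.2.0/24;\nGPG_DECRYPT_PW example-passphrase;\n")
    os.chmod(conf, 0o644)
    print("\n".join(audit(conf)))
```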