author: Werner Koch <[email protected]> 2015-05-11 16:08:44 +0000
committer: Werner Koch <[email protected]> 2015-05-11 16:14:28 +0000
commit: d7293cb317acc40cc9e5189cef33fe9d8b47e62a
tree: c4f78a96da5769cdbb52fc10fe237a9f6c64520c /doc/gpg-agent.texi
parent: agent: Add strings for use by future Pinentry versions.
agent: Add option --no-allow-external-cache.

* agent/agent.h (opt): Add field allow_external_cache.
* agent/call-pinentry.c (start_pinentry): Act upon new var.
* agent/gpg-agent.c (oNoAllowExternalCache): New.
(opts): Add option --no-allow-external-cache.
(parse_rereadable_options): Set this option.
--

Pinentry 0.9.2 may be built with libsecret support and thus an extra checkbox is displayed to allow the user to get passwords out of a libsecret-maintained cache. Security-aware users may want to avoid this feature and may do this at runtime by enabling this option.

Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'doc/gpg-agent.texi')
-rw-r--r-- doc/gpg-agent.texi 14
1 files changed, 14 insertions, 0 deletions
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index 469c76203..dea462e0d 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -377,6 +377,19 @@ Allow clients to use the loopback pinentry features; see the option
@option{pinentry-mode} for details.
@end ifset
+@ifset gpgtwoone
+@item --no-allow-external-cache
+@opindex no-allow-external-cache
+Tell Pinentry not to enable features which use an external cache for
+passphrases.
+
+Some desktop environments prefer to unlock all
+credentials with one master password and may have installed a Pinentry
+which employs an additional external cache to implement such a policy.
+By using this option the Pinentry is advised not to make use of such a
+cache and instead always ask the user for the requested passphrase.
+@end ifset
+
@item --ignore-cache-for-signing
@opindex ignore-cache-for-signing
This option will let @command{gpg-agent} bypass the passphrase cache for all
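Review bot: The new @item text says the Pinentry is only "advised" not to use an external cache, but it does not tell the reader what happens when the installed Pinentry does not understand that request, or whether passphrases already stored in the external cache remain there once the option is set. A user who enables this for security reasons needs to know both; please add a sentence stating which Pinentry version honors the request (the commit message names 0.9.2) and that the option only affects how Pinentry behaves from then on, if that is the case.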
@@ -762,6 +775,7 @@ again. Only certain options are honored: @code{quiet},
@code{debug-pinentry},
@code{no-grab}, @code{pinentry-program}, @code{default-cache-ttl},
@code{max-cache-ttl}, @code{ignore-cache-for-signing},
+@code{no-allow-external-cache},
@code{no-allow-mark-trusted}, @code{disable-scdaemon}, and
@code{disable-check-own-socket}. @code{scdaemon-program} is also
supported but due to the current implementation, which calls the
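Review bot: The added @code{no-allow-external-cache} entry in this list of honored options is unconditional, while the @item that documents the option in the earlier hunk is wrapped in @ifset gpgtwoone. A manual built without gpgtwoone set would list an option it never describes; consider guarding this line with the same conditional, or dropping the guard on the @item if the option is meant to be documented everywhere.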