-
-
Notifications
You must be signed in to change notification settings - Fork 125
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Keychain caching on macOS should be opt-in #93
Comments
pinentry-mac is a large GnuPG-derived dependency and it has the fairly incorrect default of saving the PIN in the Keychain, against even the pinentry docs. Instead, on macOS just use AppleScript. Fixes FiloSottile#93
I accidentally upgraded my
So is using a keychain good or bad? @FiloSottile As a user, I'd like to have Keychain support back, and I could see if I can rig something up where yubikey-agent shells out to the macos |
#46 introduced opt-in external caching of the PIN by passing
allow-external-password-cache
to pinenetry. pinenetry-mac regrettably checks that box by default. We should find a way to disable that.We should also document that this is supported, as it makes for a nice flow where a very complex PIN is used to tie a YubiKey Nano to the machine it's plugged in.
The text was updated successfully, but these errors were encountered: