# Example PWMD configuration file. Edit and save to ~/.pwmd/config or
# specify with the -f command line option. See the pwmd(1) manual page for
# complete details of the options.
#
# The global section is for non-file related settings and defaults for data
# files without a file section.
[global]

# Location of the listening socket.
#socket_path=~/.pwmd/socket

# Socket permissions. This will override any umask setting.
#socket_perms=0600

# Usernames or groups obtained via SO_PEERCRED which are allowed to
# connect to the socket. Groups should be prefixed with a '@'. When not
# specified only the invoking user is allowed.
#allowed = username,another_user,@group

# Where data files will be read and stored.
#data_directory=~/.pwmd/data

# When false, disable keeping backups for data files.
#backup=true

# Log file location.
#log_path=~/.pwmd/log

# Set to true to enable logging to log_path.
#enable_logging=false

# Set to true to enable logging to syslog.
#syslog=false

# The logging level: 0=connections and errors, 1=client commands, 2=client
# commands with command arguments.
#log_level=0

# When set, enable protocol debugging to the specified file. Note that this
# logs all protocol IO so it may also log sensitive data.
#debug_file=~/pwmd.log

# Set to false to call mlockall(2) after a client connects. Uses alot more
# memory but is also more secure. Most will probably find it overkill since
# the contents of all memory is cleared before being freed. Note that this
# doesn't affect the file cache which is always stored in RAM (if possible).
#disable_mlockall=true

# Disable the XPATH, LIST and DUMP commands. When "true" and a client sends
# these commands the error GPG_ERR_NOT_IMPLEMENTED will be returned.
#disable_list_and_dump=false

# The number of encryption iterations for new files. This is the number of
# times the data will be encrypted. Setting this to a high value (10000 or
# more, depending on the size of the data file) will slow down dictionary
# attacks. Setting to 0 will disable encryption.
#iterations=1

# After the set number of encryption or decryption iterations have been
# processed, a status message with the keyword ENCRYPT or DECRYPT will be
# sent to the client. Set to 0 to disable.
#iteration_progress=0

# When sending data to the client an XFER status message will be sent after
# N bytes. N is rounded to ASSUAN_LINELENGTH (1002) bytes.
#xfer_progress=8196

# A list of filenames separated by commas to add to the file cache upon
# startup. You will be prompted for the key for each file if required. The
# files are looked for in data_directory.
#cache_push=somefile,anotherfile

# The number of seconds to keep a file in the cache. If -1, the file will be
# kept forever. If 0 then every OPEN and SAVE command will require a key.
#cache_timeout=-1

# Set to false to disable use of pinentry to retrieve keys.
#enable_pinentry=true

# The full path to the pinentry binary. The default is specified at compile
# time.
#pinentry_path=/usr/bin/pinentry

# Seconds until the pinentry dialog times out. Set to 0 to wait for input
# forever.
#pinentry_timeout=20

# The default compression level for data files from 1 to 9, 1 being the
# fastest but least compression and 9 being the slowest but best compression.
# To disable compression entirely, set to 0.
#compression_level=6

# The input and output buffer size when compressing and decompressing. This
# affects how often the COMPRESS and DECOMPRESS status messages are sent and
# also affects compression quality. Set to a higher value for larger files.
#zlib_bufsize=65536

# The maximum recursion depth when resolving elements that contain a "target"
# attribute. When this value is exceeded an error will be returned.
#recursion_depth=20

# The priority or nice value of the server process. The default is inherited
# from the parent process.
#priority=10

# The cipher to use for newly created files.
#cipher=aes256

# END GLOBAL SETTINGS

# File specific settings are allowed by placing the filename in braces. Each
# file can have it's own configuration settings from those listed below.
#[somefile]
#cache_timeout=300
#iteration_progress=0
#key=password
#key_file=/path/to/file.key
#compression_level=0
#enable_pinentry=true
#pinentry_timeout=20
#backup=true