scdaemon is run under the account of the current user. This is sometimes problematic if another user needs access to a smartcard. For example on system startup to unlock an encrypted partition and then later to use the smartcard for login. With an scdaemon running as system service things would be easier.

The tentative plan is to optionally allow for this by launching scdaemon on Unix via userv(1) as needed. We need to check whether our session locking is sufficient to work with different users and whether the pinentry will behave correctly. There should also be no leaking of data between sessions - it depends a bit on how this scdaemon service is used: Single user box with service accounts or on a real multi user box.