PolicyKit, KDE, Qt, and integration
david at fubar.dk
Tue May 26 10:37:51 PDT 2009
On Tue, 2009-05-26 at 19:24 +0200, Dario Freddi wrote:
> > But we might want to break it if something better than PAM comes along.
> > But since libpolkit-agent-1.so is a small library, it shouldn't be very
> > painful and so-name-transitions is a pretty well-understood thing
> > anyway.
> My 2 cents: why not switching to a backend system? It would definitely make
> the transition easier, should the case happen, and will save you a lot of
> possible future work and binary compatibility of polkit-agent. I volunteer for
> helping you: if you're interested in such a thing, this is definitely the
> right time.
Well, the $64,000 question is how the interface from the app to the
authentication system is going to work, e.g. what is expressed in
which is rich enough for PAM and the non-PAM /etc/shadow stuff the
Slackware people wants.
For a multi-factor authentication system that has some features no-one
has even written down yet, it's going to be a lot more complicated. I
mean, it's not unrealistic you want such an authentication system to
also cover cases where you authenticate someone over the network. I
mean, people has lots of ideas about this - but not so many concrete
So I don't think it's going to be useful trying to redesign that
interface until we're in a place where we know how a new authentication
subsystem is going to work.
Also, if one were to push for a new authentication subsystem the number
one item you'd want would be PAM backwards compat. So things would work
fine even if a distro switched to a new system.
So, realistically, I don't think this is a big deal even if we were to
transition to using another authentication subsystem, e.g. bump the
soname for libpolkit-agent-1. Distros would just ship compat packages
for libpolkit-agent-1.so. I mean, it would work because PolicyKit proper
doesn't care about how you authenticate identities.
Also, at the end of the day, an PolicyKit authentication agent is just a
simple app that shows a dialog that interfaces with the authentication
subsystem and talks to the PolicyKit daemon. Rewriting that won't cause
changes in any apps and it wouldn't be a lot of work I think.
More information about the polkit-devel