Polkit auth

Tobias Arrskog topfs2 at xboxmediacenter.com
Fri Apr 15 09:03:56 PDT 2011 

Hi

My question is if its possible to just hook up as a GUI for the
authentication and if its possible to do so on a temporary basis (i.e.
take precedence over an already existant GUI).

And let me explain why we want this, we over at XBMC are trying to integrate
binary addons for our app, while doing so we want to use the system
libraries as much as possible. So our hope is to use packagekit to install
parts (or the entire) binary addons from within XBMC.

The current problem we have right now is that, as you all know, installing
binaries via packagekit requires auth. We obviously don't want to remove
this and would want to have our users input the password from within xbmc
and let polkit auth the packagekit daemon if the auth is ok. The problem
here is that XBMC is a media center and as such a single process desktop
environment. So while in some cases we are the single environment (as with
when we are installed in htpc or set-top-boxes) but we can also be a
temporary environment (as when you launch us as an application from gnome).
In both cases the we are the sole interaction the user has to the system and
we thus need to present the authentication popup inside our GUI and not have
gnome etc do it.

I guess we can do what gnome does and create an auth agent but that agent,
afaict, needs to run as root? Seeing as XBMC is a single process application
we would need to create an extra daemon just for this (very possible
ofcourse) which we can launch when we are not an application, and just relay
the auth to the GUI. This does not work well when we are running as a
termporary desktop environment though (launched from gnome), so is there a
solution which works in this case also?

If possible we would want xbmc to never actually do any of the auth, we just
want to relay the information between the user and the auth system, i.e.
pass password for auth etc.

I realize what we are wanting to do can in some ways be considered a
security breach (as you can do a man in the middle of the auth system) but
it would be lovely if there is some way to achieve it :)

Thanks for your time, I hope I have explained what we are trying to do so
that you guys can tell if its possible somehow, and how in that case, to
achieve this. If not then we need to rethink our addon strategy.

Cheers,
Tobias (topfs2) Arrskog
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/polkit-devel/attachments/20110415/a0fa061b/attachment.htm>

More information about the polkit-devel mailing list