<div class="gmail_quote">On Sat, Apr 16, 2011 at 3:38 PM, David Zeuthen <span dir="ltr"><<a href="mailto:zeuthen@gmail.com">zeuthen@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"> Hi,<br> <div class="im"><br> On Fri, Apr 15, 2011 at 12:03 PM, Tobias Arrskog<br> <<a href="mailto:topfs2@xboxmediacenter.com">topfs2@xboxmediacenter.com</a>> wrote:<br> > I guess we can do what gnome does and create an auth agent but that agent,<br> > afaict, needs to run as root?<br> <br> </div>No, this does not require root - when authenticating an user (and only<br> when doing that), however, the libpolkit-agent library calls upon a<br> setuid root helper for authentication.<br> <div class="im"><br> > Seeing as XBMC is a single process application<br> > we would need to create an extra daemon just for this<br> <br> </div>You can easily do this from within your main process (that's what<br> GNOME Shell is doing) without creating any extra process.<br> <br> Of course, if an existing authentication agent exists for the session<br> in question, then you trying to become an authentication agent will<br> fail (as it should). FYI, the docs have some information about writing<br> authentication agents, see:<br> <br> <a href="http://hal.freedesktop.org/docs/polkit/polkit-agents.html" target="_blank">http://hal.freedesktop.org/docs/polkit/polkit-agents.html</a></blockquote><div><br></div><div>Oh interesting, I think I may have read in the wrong documents then, the ones I read seemed to be in regards to actually setuid on a process. Thanks so very much for that link. It looks to be much more in line to what I want.</div> <div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"> FWIW, I disagree that your app (or any full-screen app) should take on<br> the role of an authentication agent if running under e.g. GNOME or KDE<br> or whatever. And, FWIW, I think it will work just fine under e.g.<br> GNOME Shell where the authentication agent works like this<br> <br> <a href="http://davidz25.blogspot.com/2011/02/gnome-3-authorization.html" target="_blank">http://davidz25.blogspot.com/2011/02/gnome-3-authorization.html</a><br> <br> e.g. properly fades down the screen.<br> <font color="#888888"><br> David<br></font></blockquote><div><br></div><div>The problem is mostly when you have a user which uses a non-keyboard to navigate XBMC (you can use LIRC devices but also gamepads and even phones to navigate). We have a virtual keyboard which these devices can use (if they need to) so if a user uses one of these non-HID devices they would actually get stuck when the gnome3 auth pops up.</div> <div><br></div><div>That being said, if its not possible (and not wanted by you guys to allow this) its not a catastrophe as most users using xbmc from within gnome/kde will have a keyboard accessible (or are using xbmc with a keyboard). So allowing xbmc to temporarily take over auth from gnome/kde would mostly be a niceness feature, one I thought worthy to bring up here for consideration. Overall the gnome3 auth should work quite well for the majority of the users in this case no matter.</div> <div><br></div><div>Cheers,</div><div>Tobias</div></div><br>