libhal-policy -> PolicyKit
Ludwig Nussel
ludwig.nussel at suse.de
Fri Mar 10 01:23:58 PST 2006
On Friday 10 March 2006 01:44, David Zeuthen wrote:
> # This per-policy setting overrides the settings and configuration
> # in /etc/PolicyKit/PolicyKit.policy - all keys are optional
> [Auth]
> AuthAllow=true # whether the user without this privilege
> # can auth to gain this privilege
>
> AuthRequireSUPassword=true # require super user password for auth
>
> AuthRequireOwnPassword=false # require users own password for auth
PAM decides what kind of credentials are required for
authentication. So if it decides that a password is needed it should
also decide which password to actually ask for IMO. I.e. asking for
the calling user's password needs to be implemented in pam_unix
resp. pam_unix2.
> I wonder if we should factor in console users in the Allow, Deny
> sections and completely remove the "at_console" directive in the HAL
> D-BUS policy configuration file (hal.conf). Probably too early to tell..
I don't like at_console anyways. On SUSE it currently maps to the
resmgr's 'desktop' class which is too coarse grained for my taste.
cu
Ludwig
--
(o_ Ludwig Nussel
//\ SUSE LINUX Products GmbH, Development
V_/_ http://www.suse.de/
More information about the hal
mailing list