libhal-policy -> PolicyKit

Ludwig Nussel ludwig.nussel at
Fri Mar 10 01:23:58 PST 2006

On Friday 10 March 2006 01:44, David Zeuthen wrote:
>  # This per-policy setting overrides the settings and configuration
>  # in /etc/PolicyKit/PolicyKit.policy - all keys are optional
>  [Auth]
>  AuthAllow=true               # whether the user without this privilege 
>                               # can auth to gain this privilege
>  AuthRequireSUPassword=true   # require super user password for auth
>  AuthRequireOwnPassword=false # require users own password for auth

PAM decides what kind of credentials are required for
authentication. So if it decides that a password is needed it should
also decide which password to actually ask for IMO. I.e. asking for
the calling user's password needs to be implemented in pam_unix
resp. pam_unix2.
> I wonder if we should factor in console users in the Allow, Deny
> sections and completely remove the "at_console" directive in the HAL
> D-BUS policy configuration file (hal.conf). Probably too early to tell..

I don't like at_console anyways. On SUSE it currently maps to the
resmgr's 'desktop' class which is too coarse grained for my taste.


 (o_   Ludwig Nussel
 //\   SUSE LINUX Products GmbH, Development

More information about the hal mailing list