auth_admin_keep_always discrepancy
James Westby
jw+debian at jameswestby.net
Fri Sep 4 05:15:14 PDT 2009
Hi,
It's come to my attention that there seems to be a discrepancy in the meaning
of auth_admin_keep_always between the GNOME and KDE agents (old polkit).
GNOME seems to treat it as "allow the user to choose to store the authorization
for ever", whereas KDE seems to treat it as "default to storing the
authorization for ever", which introduces serious difficulty in choosing which
to use. Similar discrepancies seem to occur for keep_session and the non-admin
cases.
http://hal.freedesktop.org/docs/PolicyKit/PolicyKit.conf.5.html states:
auth_admin_keep_always
Access denied, but authentication of the caller as an administrative
user will grant access any caller with the given uid in the future.
which isn't entirely clear.
The agents should unify on this (though this version of polkit is almost
deprecated), so which interpretation is correct?
Is there a similar ambiguity in polkit-1?
Thanks,
James
More information about the polkit-devel
mailing list