auth_admin_keep_always discrepancy
David Zeuthen
david at fubar.dk
Fri Sep 18 09:50:52 PDT 2009
On Fri, 2009-09-18 at 17:45 +0100, James Westby wrote:
> On Fri Sep 18 16:34:20 +0100 2009 David Zeuthen wrote:
> > I don't think either GNOME or KDE is wrong or right here. If I
> > understand correctly the KDE authentication dialog for PolicyKit 0.9.x
> > simply doesn't allow the user to not retain the authorization?
>
> No, it apparently defaults to retaining it.
That's what I meant (too many double negations I guess).
> > I'm not sure how this affects authors of Mechanisms either - I mean, if
> > the author of a Mechanism decides that auth_self_keep_always is a good
> > default (because the action isn't very "dangerous") then it's all good.
> > If the action was "dangerous" (such as installing an unsigned package)
> > the mechanism author would choose not to allow the user to keep the
> > authorization.
>
> Well, I'm perhaps overstating the importance, but without a defined
> behaviour for the options it's hard to know which to choose.
It really shouldn't matter to a Mechanism author how the Authentication
Agent works and it would be a bug to assume anything about it (including
that an Authentication Agent exists at all). This is true for both the
old and the new PolicyKit.
FWIW, with the new PolicyKit, the Authentication Agent may not even draw
dialogs in the users session - it could easily be a separate hardware
device with a big red button and a separate display. Or some UI running
on e.g. an iPhone. Or some UI running in a separate "Secure Desktop"
session (krh and I want to do that using the Wayland system compositor).
Thanks,
David
More information about the polkit-devel
mailing list