[systemd-devel] Password agent for user services

Simon McVittie smcv at collabora.com
Tue May 28 13:05:34 UTC 2019

On Mon, 20 May 2019 at 11:49:42 +0200, Lennart Poettering wrote:
> Ideally some infrastructure like PK would supply this mechanism
> instead of us btw.

polkit is for controlled privilege escalation where an unprivileged user
asks a privileged system service to do something, and the system service
asks polkit whether that should be allowed to happen, with possible answers
that include yes, no, or a sudo-like "only if you re-authenticate first".
It also isn't an early-boot service (it needs D-Bus).

Things like prompting for the password for a LUKS volume are really
outside the scope of polkit, but it might make sense for there to be
some lower-level system-wide password prompting concept that can be used
by multiple things that need passwords: systemd, LUKS volume mounting,
polkit agents (the part that implements the "only if you re-authenticate"
policy), gnome-keyring, sudo and so on.

