[arch-general] [pam/consolekit] Help needed for desktop permission handling
Ionuț Bîru
ibiru at archlinux.org
Mon Nov 22 14:01:48 CET 2010
On 11/21/2010 04:55 PM, Andreas Radke wrote:
> Recent display managers (gdm, kdm and lxdm) can handle their own
> polkit/consolekit session through pam access. The gnome/xfce4-session
> packages only have basic access to consolekit and since the consolekit
> 0.4.2 in testing they can't deal with it anymore.
indeed in consolekit 0.4.2 the default behavior is to not trust anyone
unless is specified by a third party like gdm/kdm/etc. For other we need
to authorized them using pam
>
> As a workaround I have plans to ship files in xfce4-session as proto
> files where the admin can add users or groups to allow certain actions:
> /etc/polkit-1/localauthority/50-local.d/org.freedesktop.upower.pkla and
> /etc/polkit-1/localauthority/50-local.d/org.freedesktop.consolekit.pkla
> and maybe one for udisk
> something like https://aur.archlinux.org/packages.php?ID=42669 .
> This could also be done each in the consolekit/upower/udisks packages.
>
the last one we rejected https://bugs.archlinux.org/task/21029 couples
of weeks ago.
> But all this is crap working around some nasty bugs in our
> pam pkg not allowing direct access to consolekit. Please have a look at
>
> https://bugs.archlinux.org/task/17188
> https://bugs.archlinux.org/task/21391
>
first one is a must for easy management in the future
--
Ionuț
More information about the arch-general
mailing list