[arch-general] [pam/consolekit] Help needed for desktop permission handling

Ionuț Bîru ibiru at archlinux.org
Mon Nov 22 14:01:48 CET 2010

On 11/21/2010 04:55 PM, Andreas Radke wrote:

> Recent display managers (gdm, kdm and lxdm) can handle their own
> polkit/consolekit session through pam access. The gnome/xfce4-session
> packages only have basic access to consolekit and since the consolekit
> 0.4.2 in testing they can't deal with it anymore.

indeed in consolekit 0.4.2 the default behavior is to not trust anyone 
unless is specified by a third party like gdm/kdm/etc. For other we need 
to authorized them using pam
> As a workaround I have plans to ship files in xfce4-session as proto
> files where the admin can add users or groups to allow certain actions:
> /etc/polkit-1/localauthority/50-local.d/org.freedesktop.upower.pkla and
> /etc/polkit-1/localauthority/50-local.d/org.freedesktop.consolekit.pkla
> and maybe one for udisk
> something like https://aur.archlinux.org/packages.php?ID=42669 .
> This could also be done each in the consolekit/upower/udisks packages.

the last one we rejected https://bugs.archlinux.org/task/21029 couples 
of weeks ago.

> But all this is crap working around some nasty bugs in our
> pam pkg not allowing direct access to consolekit. Please have a look at
> https://bugs.archlinux.org/task/17188
> https://bugs.archlinux.org/task/21391

first one is a must for easy management in the future


More information about the arch-general mailing list