[arch-general] [pam/consolekit] Help needed for desktop permission handling

Seblu seblu at seblu.net
Mon Jan 31 02:40:37 EST 2011


On Mon, Nov 22, 2010 at 2:01 PM, Ionuț Bîru <ibiru at archlinux.org> wrote:
> On 11/21/2010 04:55 PM, Andreas Radke wrote:
>
>> Recent display managers (gdm, kdm and lxdm) can handle their own
>> polkit/consolekit session through pam access. The gnome/xfce4-session
>> packages only have basic access to consolekit and since the consolekit
>> 0.4.2 in testing they can't deal with it anymore.
>
> indeed in consolekit 0.4.2 the default behavior is to not trust anyone
> unless is specified by a third party like gdm/kdm/etc. For other we need to
> authorized them using pam
>>
>> As a workaround I have plans to ship files in xfce4-session as proto
>> files where the admin can add users or groups to allow certain actions:
>> /etc/polkit-1/localauthority/50-local.d/org.freedesktop.upower.pkla and
>> /etc/polkit-1/localauthority/50-local.d/org.freedesktop.consolekit.pkla
>> and maybe one for udisk
>> something like https://aur.archlinux.org/packages.php?ID=42669 .
>> This could also be done each in the consolekit/upower/udisks packages.
>>
>
> the last one we rejected https://bugs.archlinux.org/task/21029 couples of
> weeks ago.
>
>> But all this is crap working around some nasty bugs in our
>> pam pkg not allowing direct access to consolekit. Please have a look at
>>
>> https://bugs.archlinux.org/task/17188
>> https://bugs.archlinux.org/task/21391
>>
>
> first one is a must for easy management in the future
>
Hello, I dug up this old thread to know if someone find a suitable
solution to use slim (or startx) + window manager working correctly
with consolekit > 0.4.1 ?

Slim was recently updated with a patch which remove "Host" setting
from PAM and Ionut updated shadow package to add pam_ck_connector to
pam login.

I make some test tonight and i don't find a right way to have active =
TRUE and is-local = TRUE in ck-list-session with slim login or from a
startx from a console shell.
My best solution is with is-local=TRUE and active = FALSE (with this,
networkmanger is not working!).

Someone succeeded?

Regards,

-- 
Sébastien Luttringer
www.seblu.net


More information about the arch-general mailing list