Warning, /plasma/plasma-workspace/doc/PolicyKit-kde/authorizationagent.docbook is written in an unsupported language. File is not indexed.

0001 <chapter id="authorizationagent">
0002 <title>Authorization Agent</title>
0003 
0004 <sect1 id="authorizationagent-overview">
0005 <title>Manual</title>
0006 
0007 <para>
0008 The Authorization Agent is the application that is called whenever an user
0009 wants to obtain a given authorization. It's a &DBus; activated daemon which
0010 uses <quote>libpolkit-grant</quote> that in turn uses PAM for authentication
0011 services (however, other authentication back-ends can be plugged in as required).
0012 </para>
0013 </sect1>
0014 
0015 <sect1 id="authorizationagent-dialog">
0016 <title>Authorization Agent dialog</title>
0017 
0018 <para>
0019 The appearance of the authentication dialog depends on the result from PolicyKit
0020 and also whether administrator authentication is defined as <quote>authenticate as
0021 the root user</quote> or <quote>authenticate as one of the users from UNIX group
0022 wheel</quote> or however the PolicyKit library is configured (see the
0023 PolicyKit.conf(5) manual page for details). Note that some of the screenshots below
0024 were made on a system set up to use the
0025 <ulink url="http://thinkfinger.sourceforge.net/">ThinkFinger</ulink>
0026 PAM module. The text shown in the authentication dialogs stems from the PolicyKit
0027 .policy XML files residing in /usr/share/PolicyKit/policy and is read by the
0028 authentication daemon when an applications asks to obtain an authorization.
0029 Thus, what the user sees is not under application control
0030 (e.g. it's not passed from the application) which rules out a class of attacks
0031 where applications are trying to fool the user into gaining a privilege.
0032 </para>
0033 
0034 <para>The authentication dialog where the user is asked to authenticate as root
0035 using the password or swiping the finger.
0036 The details shows the application that's requesting the action, the action
0037 itself and the action vendor. If clicking in the action link it will open the
0038 authorization manager pointing to the given action, and the vendor might also
0039 provide a link for the given action that will be fired when clicking on the
0040 <quote>Vendor</quote> link:</para>
0041 <para>
0042 <screenshot>
0043 <mediaobject>
0044 <imageobject><imagedata fileref="authdialog_1.png" format="PNG"/></imageobject>
0045 <textobject><phrase>
0046 The authentication dialog asking for root, swipe finger and showing descriptions
0047 </phrase></textobject>
0048 </mediaobject>
0049 </screenshot>
0050 </para>
0051 
0052 <para>Authentication dialog where the user is asked to authenticate as an administrative
0053 user and PolicyKit is configured to use the root password for this:</para>
0054 <para>
0055 <screenshot>
0056 <mediaobject>
0057 <imageobject><imagedata fileref="authdialog_2.png" format="PNG"/></imageobject>
0058 <textobject><phrase>
0059 The authentication dialog asking for root
0060 </phrase></textobject>
0061 </mediaobject>
0062 </screenshot>
0063 </para>
0064 
0065 <para>Authentication dialog where the user is asked to authenticate as an administrative
0066 user and PolicyKit is configured to use a group for this:</para>
0067 <para>
0068 <screenshot>
0069 <mediaobject>
0070 <imageobject><imagedata fileref="authdialog_3.png" format="PNG"/></imageobject>
0071 <textobject><phrase>
0072 The authentication dialog asking for a user of the administrative group
0073 </phrase></textobject>
0074 </mediaobject>
0075 </screenshot>
0076 </para>
0077 
0078 <para>Same authentication dialog, showing drop down box where the user can be selected:</para>
0079 <para>
0080 <screenshot>
0081 <mediaobject>
0082 <imageobject><imagedata fileref="authdialog_4.png" format="PNG"/></imageobject>
0083 <textobject><phrase>
0084 Same authentication dialog, showing drop down box where the user can be selected
0085 </phrase></textobject>
0086 </mediaobject>
0087 </screenshot>
0088 </para>
0089 
0090 
0091 <para>Authentication dialog showing an Action where the privilege can be retained indefinitely:</para>
0092 <para>
0093 <screenshot>
0094 <mediaobject>
0095 <imageobject><imagedata fileref="authdialog_5.png" format="PNG"/></imageobject>
0096 <textobject><phrase>
0097 Authentication dialog showing an Action where the privilege can be retained indefinitely
0098 </phrase></textobject>
0099 </mediaobject>
0100 </screenshot>
0101 </para>
0102 
0103 
0104 <para>Authentication dialog showing an Action where the privilege can be retained only
0105 for the remainder of the desktop session:</para>
0106 <para>
0107 <screenshot>
0108 <mediaobject>
0109 <imageobject><imagedata fileref="authdialog_6.png" format="PNG"/></imageobject>
0110 <textobject><phrase>
0111 Authentication dialog showing an Action where the privilege can be retained only
0112 for the remainder of the desktop session
0113 </phrase></textobject>
0114 </mediaobject>
0115 </screenshot>
0116 </para>
0117 
0118 </sect1>
0119 
0120 </chapter>