Warning, /plasma/plasma-workspace/doc/PolicyKit-kde/authorizationagent.docbook is written in an unsupported language. File is not indexed.
0001 <chapter id="authorizationagent"> 0002 <title>Authorization Agent</title> 0003 0004 <sect1 id="authorizationagent-overview"> 0005 <title>Manual</title> 0006 0007 <para> 0008 The Authorization Agent is the application that is called whenever an user 0009 wants to obtain a given authorization. It's a &DBus; activated daemon which 0010 uses <quote>libpolkit-grant</quote> that in turn uses PAM for authentication 0011 services (however, other authentication back-ends can be plugged in as required). 0012 </para> 0013 </sect1> 0014 0015 <sect1 id="authorizationagent-dialog"> 0016 <title>Authorization Agent dialog</title> 0017 0018 <para> 0019 The appearance of the authentication dialog depends on the result from PolicyKit 0020 and also whether administrator authentication is defined as <quote>authenticate as 0021 the root user</quote> or <quote>authenticate as one of the users from UNIX group 0022 wheel</quote> or however the PolicyKit library is configured (see the 0023 PolicyKit.conf(5) manual page for details). Note that some of the screenshots below 0024 were made on a system set up to use the 0025 <ulink url="http://thinkfinger.sourceforge.net/">ThinkFinger</ulink> 0026 PAM module. The text shown in the authentication dialogs stems from the PolicyKit 0027 .policy XML files residing in /usr/share/PolicyKit/policy and is read by the 0028 authentication daemon when an applications asks to obtain an authorization. 0029 Thus, what the user sees is not under application control 0030 (e.g. it's not passed from the application) which rules out a class of attacks 0031 where applications are trying to fool the user into gaining a privilege. 0032 </para> 0033 0034 <para>The authentication dialog where the user is asked to authenticate as root 0035 using the password or swiping the finger. 0036 The details shows the application that's requesting the action, the action 0037 itself and the action vendor. If clicking in the action link it will open the 0038 authorization manager pointing to the given action, and the vendor might also 0039 provide a link for the given action that will be fired when clicking on the 0040 <quote>Vendor</quote> link:</para> 0041 <para> 0042 <screenshot> 0043 <mediaobject> 0044 <imageobject><imagedata fileref="authdialog_1.png" format="PNG"/></imageobject> 0045 <textobject><phrase> 0046 The authentication dialog asking for root, swipe finger and showing descriptions 0047 </phrase></textobject> 0048 </mediaobject> 0049 </screenshot> 0050 </para> 0051 0052 <para>Authentication dialog where the user is asked to authenticate as an administrative 0053 user and PolicyKit is configured to use the root password for this:</para> 0054 <para> 0055 <screenshot> 0056 <mediaobject> 0057 <imageobject><imagedata fileref="authdialog_2.png" format="PNG"/></imageobject> 0058 <textobject><phrase> 0059 The authentication dialog asking for root 0060 </phrase></textobject> 0061 </mediaobject> 0062 </screenshot> 0063 </para> 0064 0065 <para>Authentication dialog where the user is asked to authenticate as an administrative 0066 user and PolicyKit is configured to use a group for this:</para> 0067 <para> 0068 <screenshot> 0069 <mediaobject> 0070 <imageobject><imagedata fileref="authdialog_3.png" format="PNG"/></imageobject> 0071 <textobject><phrase> 0072 The authentication dialog asking for a user of the administrative group 0073 </phrase></textobject> 0074 </mediaobject> 0075 </screenshot> 0076 </para> 0077 0078 <para>Same authentication dialog, showing drop down box where the user can be selected:</para> 0079 <para> 0080 <screenshot> 0081 <mediaobject> 0082 <imageobject><imagedata fileref="authdialog_4.png" format="PNG"/></imageobject> 0083 <textobject><phrase> 0084 Same authentication dialog, showing drop down box where the user can be selected 0085 </phrase></textobject> 0086 </mediaobject> 0087 </screenshot> 0088 </para> 0089 0090 0091 <para>Authentication dialog showing an Action where the privilege can be retained indefinitely:</para> 0092 <para> 0093 <screenshot> 0094 <mediaobject> 0095 <imageobject><imagedata fileref="authdialog_5.png" format="PNG"/></imageobject> 0096 <textobject><phrase> 0097 Authentication dialog showing an Action where the privilege can be retained indefinitely 0098 </phrase></textobject> 0099 </mediaobject> 0100 </screenshot> 0101 </para> 0102 0103 0104 <para>Authentication dialog showing an Action where the privilege can be retained only 0105 for the remainder of the desktop session:</para> 0106 <para> 0107 <screenshot> 0108 <mediaobject> 0109 <imageobject><imagedata fileref="authdialog_6.png" format="PNG"/></imageobject> 0110 <textobject><phrase> 0111 Authentication dialog showing an Action where the privilege can be retained only 0112 for the remainder of the desktop session 0113 </phrase></textobject> 0114 </mediaobject> 0115 </screenshot> 0116 </para> 0117 0118 </sect1> 0119 0120 </chapter>