/usr/share/doc/HTML/en/PolicyKit-kde/index.cache.bz2

dwww Home | Show directory contents | Find package
<FILENAME filename="index.html"><html><head><title>The PolicyKit-kde manual</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="description" content="PolicyKit-kde is a KDE front end to the PolicyKit system that is used to manages authentication. PolicyKit is a toolkit designed to allow unprivileged processes to speak to privileged processes. It does that by centralizing information of actions and authorized applications."><meta name="keywords" content="KDE, System, Password, Admin, Authentication, polkit, policykit, policy, policies"><link rel="home" href="index.html" title="The PolicyKit-kde manual"><link rel="next" href="introduction.html" title="Chapter 1. Overview"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> The <span class="application">PolicyKit-kde</span> manual</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"></td><td class="upCell"> </td><td class="nextCell"><a accesskey="n" href="introduction.html">Next</a></td></tr></table></div><div id="contentBody"><div lang="en" class="book"><div class="titlepage"><div><div><h1 class="title"><a name="PolicyKit-kde"></a>The <span class="application">PolicyKit-kde</span> manual</h1></div><div><div class="authorgroup"><p class="author"><span class="firstname">Daniel</span> <span class="surname">Nicoletti</span> </p></div></div><div>Revision <span class="releaseinfo">0.9.0 (<span class="date">2009-01-25</span>)</span></div><div><p class="copyright">Copyright © 2008-2009 Daniel Nicoletti</p></div><div><p><a href="help:/kdoctools5-common/fdl-notice.html">Legal Notice</a></p></div><div><div><div class="abstract"><p><span class="application">PolicyKit-kde</span> is a <span class="orgname">KDE</span> front end to the PolicyKit
system that is used to manages authentication.</p><p><span class="application">PolicyKit</span> is a toolkit designed to allow unprivileged processes
to speak to privileged processes. It does that by centralizing information of
actions and authorized applications.</p></div></div></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl class="toc"><dt><span class="chapter"><a href="introduction.html">1. Overview</a></span></dt><dt><span class="chapter"><a href="howitworks.html">2. How it works</a></span></dt><dd><dl><dt><span class="sect1"><a href="howitworks.html#howitworks-overview">Overview</a></span></dt><dt><span class="sect1"><a href="howitworks-problem.html">The problem</a></span></dt><dt><span class="sect1"><a href="howitworks-solution.html">The solution</a></span></dt></dl></dd><dt><span class="chapter"><a href="authorization.html">3. Authorization manager</a></span></dt><dd><dl><dt><span class="sect1"><a href="authorization.html#authorization-manual">Manual</a></span></dt></dl></dd><dt><span class="chapter"><a href="authorizationagent.html">4. Authorization Agent</a></span></dt><dd><dl><dt><span class="sect1"><a href="authorizationagent.html#authorizationagent-overview">Manual</a></span></dt><dt><span class="sect1"><a href="authorizationagent-dialog.html">Authorization Agent dialog</a></span></dt></dl></dd><dt><span class="chapter"><a href="credits.html">5. Credits and License</a></span></dt></dl></div><FILENAME filename="introduction.html"><html><head><title>Chapter 1. Overview</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, System, Password, Admin, Authentication, polkit, policykit, policy, policies"><link rel="home" href="index.html" title="The PolicyKit-kde manual"><link rel="up" href="index.html" title="The PolicyKit-kde manual"><link rel="prev" href="index.html" title="The PolicyKit-kde manual"><link rel="next" href="howitworks.html" title="Chapter 2. How it works"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Overview</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="index.html">Prev</a></td><td class="upCell"> </td><td class="nextCell"><a accesskey="n" href="howitworks.html">Next</a></td></tr></table></div><div id="contentBody"><div class="chapter"><div class="titlepage"><div><div><h1 class="title"><a name="introduction"></a>Chapter 1. Overview</h1></div></div></div><p><span class="application">PolicyKit-kde</span> is a implementation of PolicyKit tool to the look and feel
of KDE.</p><p>PolicyKit allows easy and secure password management, it can be used by
applications to ask their users for a password. Each application defines a set
of actions that can be executed by their program.
The application will call PolicyKit to see if the user can perform a given
action, if not, the application can issue the auth dialog where the user
can enter his/her password, root password, the password of a given group
of users or even swipe the finger.</p><p><span class="application">PolicyKit-kde</span> consists of two applications:
The Authorization agent that receives requests for authentication, and shows
a dialog asking for a password.
The Authorization manager that is used to manage the authorizations, it is
mainly used by system administrators that may want to change the default behavior
of a program policies.</p><p>For Qt/KDE developers there is Qt library to allow easy integration with
you application and PolicyKit.</p><p>For more information of how PolicyKit works, it's design and API visit
<a class="ulink" href="http://hal.freedesktop.org/docs/PolicyKit/" target="_top">PolicyKit Library Reference Manual</a></p></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="index.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="howitworks.html">Next</a></td></tr><tr><td class="prevCell">The <span class="application">PolicyKit-kde</span> manual </td><td class="upCell"> </td><td class="nextCell"> How it works</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME><FILENAME filename="howitworks.html"><html><head><title>Chapter 2. How it works</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, System, Password, Admin, Authentication, polkit, policykit, policy, policies"><link rel="home" href="index.html" title="The PolicyKit-kde manual"><link rel="up" href="index.html" title="The PolicyKit-kde manual"><link rel="prev" href="introduction.html" title="Chapter 1. Overview"><link rel="next" href="howitworks-problem.html" title="The problem"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> How it works</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="introduction.html">Prev</a></td><td class="upCell"> </td><td class="nextCell"><a accesskey="n" href="howitworks-problem.html">Next</a></td></tr></table></div><div id="contentBody"><div class="chapter"><div class="titlepage"><div><div><h1 class="title"><a name="howitworks"></a>Chapter 2. How it works</h1></div></div></div><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="howitworks-overview"></a>Overview</h2></div></div></div><p>PolicyKit has a simple way of working, but it requires some
design changes from the applications that want to use it to request
passwords.</p></div><FILENAME filename="howitworks-problem.html"><html><head><title>The problem</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, System, Password, Admin, Authentication, polkit, policykit, policy, policies"><link rel="home" href="index.html" title="The PolicyKit-kde manual"><link rel="up" href="howitworks.html" title="Chapter 2. How it works"><link rel="prev" href="howitworks.html" title="Chapter 2. How it works"><link rel="next" href="howitworks-solution.html" title="The solution"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> The problem</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="howitworks.html">Prev</a></td><td class="upCell">How it works</td><td class="nextCell"><a accesskey="n" href="howitworks-solution.html">Next</a></td></tr></table></div><div id="contentBody"><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="howitworks-problem"></a>The problem</h2></div></div></div><p>In GUI applications the common way to gain root privileges is to start
it as root, but there are several security risks in doing this method and
it does not allow a good actions mapping. There is no way to separate actions
like package-install of system-upgrading.
All the users who want to use it must have the root password. Another common
approach is using sudo but once you start an application with sudo you will
have all the rights the root user will have.
If for example the GUI application has a dialog to select files that dialog
is running as root which means that the user might be able to delete any file
on his machine or even coping others user files.
</p></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="howitworks.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="howitworks-solution.html">Next</a></td></tr><tr><td class="prevCell">How it works </td><td class="upCell">How it works</td><td class="nextCell"> The solution</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME><FILENAME filename="howitworks-solution.html"><html><head><title>The solution</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, System, Password, Admin, Authentication, polkit, policykit, policy, policies"><link rel="home" href="index.html" title="The PolicyKit-kde manual"><link rel="up" href="howitworks.html" title="Chapter 2. How it works"><link rel="prev" href="howitworks-problem.html" title="The problem"><link rel="next" href="authorization.html" title="Chapter 3. Authorization manager"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> The solution</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="howitworks-problem.html">Prev</a></td><td class="upCell">How it works</td><td class="nextCell"><a accesskey="n" href="authorization.html">Next</a></td></tr></table></div><div id="contentBody"><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="howitworks-solution"></a>The solution</h2></div></div></div><p>With PolicyKit this problem is solved. The application in question
just need to separate the privileged code into another application,
often called helper (which will not have a GUI), then maps the desired
actions into a <span class="quote">“<span class="quote">.policy</span>”</span> file. PolicyKit then loads this file
and it can now authenticate applications to use those actions.
The use of <acronym class="acronym">D-Bus</acronym> activated applications is the best if not the only,
way of putting an helper application to run with root privileges.</p><p>With this design the GUI application calls an action of the helper
application through <acronym class="acronym">D-Bus</acronym>, which will start the helper with root privileges,
and informing it which action was requested and which application has requested
it. The helper application now calls the PolicyKit agent to see if that application
can do the given task, the helper should report if it could do the requested action.
In case the helper saw that the application didn't have enough rights the GUI
will then need to ask PolicyKit to obtain an authorization.</p><p>When PolicyKit receives the request to obtain an authorization it issues an
available Agent, which might happen to be <span class="application">PolicyKit-kde</span> if available. After a successful
authentication the GUI application needs to call the helper repeating the
same operation again.</p></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="howitworks-problem.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="authorization.html">Next</a></td></tr><tr><td class="prevCell">The problem </td><td class="upCell">How it works</td><td class="nextCell"> Authorization manager</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="introduction.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="howitworks-problem.html">Next</a></td></tr><tr><td class="prevCell">Overview </td><td class="upCell"> </td><td class="nextCell"> The problem</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME><FILENAME filename="authorization.html"><html><head><title>Chapter 3. Authorization manager</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, System, Password, Admin, Authentication, polkit, policykit, policy, policies"><link rel="home" href="index.html" title="The PolicyKit-kde manual"><link rel="up" href="index.html" title="The PolicyKit-kde manual"><link rel="prev" href="howitworks-solution.html" title="The solution"><link rel="next" href="authorizationagent.html" title="Chapter 4. Authorization Agent"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Authorization manager</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="howitworks-solution.html">Prev</a></td><td class="upCell"> </td><td class="nextCell"><a accesskey="n" href="authorizationagent.html">Next</a></td></tr></table></div><div id="contentBody"><div class="chapter"><div class="titlepage"><div><div><h1 class="title"><a name="authorization"></a>Chapter 3. Authorization manager</h1></div></div></div><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="authorization-manual"></a>Manual</h2></div></div></div><p>
The Authorization manager is the application that system administrators can
use to easily change the default behavior of any actions. This page does not
aim to explain how to create new actions or define new <span class="quote">“<span class="quote">.policy</span>”</span>
files.</p><p>
The Authorization screen is divided in two parts, at the left we have all the
actions that PolicyKit knows, you are able to search the actions using the search
bar at the top, and at the right we have the selected action.
This screenshot shows the main Authorization screen:
</p><p>
</p><div class="screenshot"><div xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="mediaobject"><img src="authorization_1.png" alt="Main window with source device"></div></div><p>
</p><p>
When you select an action it's details will be shown at the right side,
the action might have an icon, a description and the vendor name. Next
in the view we have the <span class="quote">“<span class="quote">Implicit Authorizations</span>”</span> and
<span class="quote">“<span class="quote">Explicit Authorizations</span>”</span>.
</p><p>
The <span class="quote">“<span class="quote">Implicit Authorizations</span>”</span> are authorizations automatically
given to users based on certain criteria such as if they are on the local
console. These authorizations are read from the <span class="quote">“<span class="quote">.policy</span>”</span> files
that the given application defined, they are the defaults settings of the action.
These are the valid values
</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>no</p></li><li class="listitem"><p>auth_self_one_shot</p></li><li class="listitem"><p>auth_self</p></li><li class="listitem"><p>auth_self_keep_session</p></li><li class="listitem"><p>auth_self_keep_always</p></li><li class="listitem"><p>auth_admin_one_shot</p></li><li class="listitem"><p>auth_admin</p></li><li class="listitem"><p>auth_admin_keep_session</p></li><li class="listitem"><p>auth_admin_keep_always</p></li><li class="listitem"><p>yes</p></li></ul></div><p>
You can change these defaults values simply by changing it on the combo box,
the not bold value is the default one so if you want to change one value back
you can select it, to make you selection take effect you have to click on the
<span class="quote">“<span class="quote">Modify</span>”</span> button. The <span class="quote">“<span class="quote">Revert to defaults</span>”</span> can be used
to change all <span class="quote">“<span class="quote">Implicit Authorizations</span>”</span> to it's defaults values.
Note that both <span class="quote">“<span class="quote">Modify</span>”</span> and <span class="quote">“<span class="quote">Revert to defaults</span>”</span>
requires you to issue the PolicyKit <span class="quote">“<span class="quote">org.freedesktop.policykit.modify-defaults</span>”</span>
action which might ask a password.
</p><p>
The <span class="quote">“<span class="quote">Explicit Authorizations</span>”</span> are authorizations that are either
obtained through authentication process or specifically given to the action
in question. The default behavior is to only show the current user explicit
authorizations; if you want to see others users explicit authorizations
click on the <span class="quote">“<span class="quote">Show authorizations from all users</span>”</span>, note that this
requires you to issue the PolicyKit <span class="quote">“<span class="quote">org.freedesktop.policykit.read</span>”</span>
action which might ask a password.
Blocked authorizations are marked with a <span class="quote">“<span class="quote">STOP</span>”</span> sign.
</p><p>
The <span class="quote">“<span class="quote">Revoke</span>”</span> button is used to revoke an explicit authorization.
Note that this requires you to issue the PolicyKit
<span class="quote">“<span class="quote">org.freedesktop.policykit.revoke</span>”</span> action which might ask a password.
</p><p>
If you want to specifically grant or block a given user of performing a given action
you can click on the <span class="quote">“<span class="quote">Grant</span>”</span> or <span class="quote">“<span class="quote">Block</span>”</span>.
The following screenshot you see the Grant/Block dialog:
</p><p>
</p><div class="screenshot"><div xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="mediaobject"><img src="authorization_2.png" alt="Grant/Block explicit authorizations dialog"></div></div><p>
</p><p>
To grant/block explicit authorizations you have to select the user that will
receive the authorization. You can also select the <span class="quote">“<span class="quote">Constraints</span>”</span>
to limit the authorization such that it only applies under certain circumstances.
</p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>Be aware that explicit blocking and authorization might self lock you
of performing the given action so be sure of what you are doing</p></div><p>
Note that this requires you to issue the PolicyKit
<span class="quote">“<span class="quote">org.freedesktop.policykit.grant</span>”</span> action which might ask a password.
</p></div></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="howitworks-solution.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="authorizationagent.html">Next</a></td></tr><tr><td class="prevCell">The solution </td><td class="upCell"> </td><td class="nextCell"> Authorization Agent</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME><FILENAME filename="authorizationagent.html"><html><head><title>Chapter 4. Authorization Agent</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, System, Password, Admin, Authentication, polkit, policykit, policy, policies"><link rel="home" href="index.html" title="The PolicyKit-kde manual"><link rel="up" href="index.html" title="The PolicyKit-kde manual"><link rel="prev" href="authorization.html" title="Chapter 3. Authorization manager"><link rel="next" href="authorizationagent-dialog.html" title="Authorization Agent dialog"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Authorization Agent</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="authorization.html">Prev</a></td><td class="upCell"> </td><td class="nextCell"><a accesskey="n" href="authorizationagent-dialog.html">Next</a></td></tr></table></div><div id="contentBody"><div class="chapter"><div class="titlepage"><div><div><h1 class="title"><a name="authorizationagent"></a>Chapter 4. Authorization Agent</h1></div></div></div><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="authorizationagent-overview"></a>Manual</h2></div></div></div><p>
The Authorization Agent is the application that is called whenever an user
wants to obtain a given authorization. It's a <acronym class="acronym">D-Bus</acronym> activated daemon which
uses <span class="quote">“<span class="quote">libpolkit-grant</span>”</span> that in turn uses PAM for authentication
services (however, other authentication back-ends can be plugged in as required).
</p></div><FILENAME filename="authorizationagent-dialog.html"><html><head><title>Authorization Agent dialog</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, System, Password, Admin, Authentication, polkit, policykit, policy, policies"><link rel="home" href="index.html" title="The PolicyKit-kde manual"><link rel="up" href="authorizationagent.html" title="Chapter 4. Authorization Agent"><link rel="prev" href="authorizationagent.html" title="Chapter 4. Authorization Agent"><link rel="next" href="credits.html" title="Chapter 5. Credits and License"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Authorization Agent dialog</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="authorizationagent.html">Prev</a></td><td class="upCell">Authorization Agent</td><td class="nextCell"><a accesskey="n" href="credits.html">Next</a></td></tr></table></div><div id="contentBody"><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="authorizationagent-dialog"></a>Authorization Agent dialog</h2></div></div></div><p>
The appearance of the authentication dialog depends on the result from PolicyKit
and also whether administrator authentication is defined as <span class="quote">“<span class="quote">authenticate as
the root user</span>”</span> or <span class="quote">“<span class="quote">authenticate as one of the users from UNIX group
wheel</span>”</span> or however the PolicyKit library is configured (see the
PolicyKit.conf(5) manual page for details). Note that some of the screenshots below
were made on a system set up to use the
<a class="ulink" href="http://thinkfinger.sourceforge.net/" target="_top">ThinkFinger</a>
PAM module. The text shown in the authentication dialogs stems from the PolicyKit
.policy XML files residing in /usr/share/PolicyKit/policy and is read by the
authentication daemon when an applications asks to obtain an authorization.
Thus, what the user sees is not under application control
(e.g. it's not passed from the application) which rules out a class of attacks
where applications are trying to fool the user into gaining a privilege.
</p><p>The authentication dialog where the user is asked to authenticate as root
using the password or swiping the finger.
The details shows the application that's requesting the action, the action
itself and the action vendor. If clicking in the action link it will open the
authorization manager pointing to the given action, and the vendor might also
provide a link for the given action that will be fired when clicking on the
<span class="quote">“<span class="quote">Vendor</span>”</span> link:</p><p>
</p><div class="screenshot"><div xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="mediaobject"><img src="authdialog_1.png" alt="The authentication dialog asking for root, swipe finger and showing descriptions"></div></div><p>
</p><p>Authentication dialog where the user is asked to authenticate as an administrative
user and PolicyKit is configured to use the root password for this:</p><p>
</p><div class="screenshot"><div xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="mediaobject"><img src="authdialog_2.png" alt="The authentication dialog asking for root"></div></div><p>
</p><p>Authentication dialog where the user is asked to authenticate as an administrative
user and PolicyKit is configured to use a group for this:</p><p>
</p><div class="screenshot"><div xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="mediaobject"><img src="authdialog_3.png" alt="The authentication dialog asking for a user of the administrative group"></div></div><p>
</p><p>Same authentication dialog, showing drop down box where the user can be selected:</p><p>
</p><div class="screenshot"><div xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="mediaobject"><img src="authdialog_4.png" alt="Same authentication dialog, showing drop down box where the user can be selected"></div></div><p>
</p><p>Authentication dialog showing an Action where the privilege can be retained indefinitely:</p><p>
</p><div class="screenshot"><div xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="mediaobject"><img src="authdialog_5.png" alt="Authentication dialog showing an Action where the privilege can be retained indefinitely"></div></div><p>
</p><p>Authentication dialog showing an Action where the privilege can be retained only
for the remainder of the desktop session:</p><p>
</p><div class="screenshot"><div xmlns:doc="http://nwalsh.com/xsl/documentation/1.0" class="mediaobject"><img src="authdialog_6.png" alt="Authentication dialog showing an Action where the privilege can be retained only for the remainder of the desktop session"></div></div><p>
</p></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="authorizationagent.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="credits.html">Next</a></td></tr><tr><td class="prevCell">Authorization Agent </td><td class="upCell">Authorization Agent</td><td class="nextCell"> Credits and License</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="authorization.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"><a accesskey="n" href="authorizationagent-dialog.html">Next</a></td></tr><tr><td class="prevCell">Authorization manager </td><td class="upCell"> </td><td class="nextCell"> Authorization Agent dialog</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME><FILENAME filename="credits.html"><html><head><title>Chapter 5. Credits and License</title><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-default.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-docs.css"><link rel="stylesheet" type="text/css" href="help:/kdoctools5-common/kde-localised.css"><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="keywords" content="KDE, System, Password, Admin, Authentication, polkit, policykit, policy, policies"><link rel="home" href="index.html" title="The PolicyKit-kde manual"><link rel="up" href="index.html" title="The PolicyKit-kde manual"><link rel="prev" href="authorizationagent-dialog.html" title="Authorization Agent dialog"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="GENERATOR" content="KDE XSL Stylesheet V1.14 using libxslt"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div id="content"><div id="header"><div id="header_content"><div id="header_left"><div id="header_right"><img src="help:/kdoctools5-common/top-kde.jpg" width="36" height="34"> Credits and License</div></div></div></div><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="authorizationagent-dialog.html">Prev</a></td><td class="upCell"> </td><td class="nextCell"></td></tr></table></div><div id="contentBody"><div class="chapter"><div class="titlepage"><div><div><h1 class="title"><a name="credits"></a>Chapter 5. Credits and License</h1></div></div></div><p>
<span class="application">PolicyKit-kde</span>
</p><p>
Program copyright 2008-2009 Daniel Nicoletti
</p><p>
Documentation copyright 2008-2009 Daniel Nicoletti
</p><p><a name="gnu-fdl"></a>This documentation is licensed under the terms of the <a class="ulink" href="help:/kdoctools5-common/fdl-license.html" target="_top">GNU Free Documentation
License</a>.</p></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"><a accesskey="p" href="authorizationagent-dialog.html">Prev</a></td><td class="upCell"><a accesskey="h" href="index.html">Contents</a></td><td class="nextCell"></td></tr><tr><td class="prevCell">Authorization Agent dialog </td><td class="upCell"> </td><td class="nextCell"> </td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME></div></div><div id="footer"><div class="navCenter"><table class="navigation"><tr><td class="prevCell"></td><td class="upCell"> </td><td class="nextCell"><a accesskey="n" href="introduction.html">Next</a></td></tr><tr><td class="prevCell"> </td><td class="upCell"> </td><td class="nextCell"> Overview</td></tr></table></div><div id="footer_text">Would you like to make a comment or contribute an update to this page?<br>Send feedback to the <a href="mailto:kde-doc-english@kde.org" class="footer_email">KDE Docs Team</a></div></div></div></body></html></FILENAME>
Generated by dwww version 1.15 on Thu Jun 20 14:31:32 CEST 2024.