On Thu, 2006-03-30 at 12:44 -0500, Matthew Miller wrote: > Well, having this would allow the existing consolehelper to take the place > of the "polkit-su" tool you mention in > <http://lists.freedesktop.org/archives/hal/2006-March/004770.html>. So > instead of having a new thing, consolehelper could auth to access your > 'polkit' user. > > It seems better to me to make this rather small change to consolehelper > rather than to make yet another tool from scratch. Maybe I'm missing > something important, though -- that often happens. :) Indeed, the whole idea of using polkit-su have been abandoned after discussion on on the hal list when someone from SUN and SUSE proposed a better approach. Isn't open development great? However, it's all work in progress at the point and since it's rather complex and deals with privilege escalation I've started writing a spec how all this is supposed to work. I'm not done yet with the spec.. but this is how far I've got http://webcvs.freedesktop.org/*checkout*/hal/PolicyKit/doc/spec/polkit-spec.html and I hope at least the diagram explains what the point is. I do expect this to be baked at some point rather soon as it's holding back hal and gnome-mount releases :-) ... at least the difficult part of doing PAM over D-BUS is done and I already got proof of concept work.. so.. it's in a state of needing documentation of having a list of TODO's being worked on. If anyone wants to help out (I'm doing this mostly in my spare time as I'm tied up with other commitments at work) please join the hal list and send mail. Hope this helps. David
