On Mon, 20 May 2019 at 11:49:42 +0200, Lennart Poettering wrote:
> Ideally some infrastructure like PK would supply this mechanism
> instead of us btw.
polkit is for controlled privilege escalation where an unprivileged user
asks a privileged system service to do something, and the system service
asks polkit whether that should be allowed to happen, with possible answers
that include yes, no, or a sudo-like "only if you re-authenticate first".
It also isn't an early-boot service (it needs D-Bus).
Things like prompting for the password for a LUKS volume are really
outside the scope of polkit, but it might make sense for there to be
some lower-level system-wide password prompting concept that can be used
by multiple things that need passwords: systemd, LUKS volume mounting,
polkit agents (the part that implements the "only if you re-authenticate"
policy), gnome-keyring, sudo and so on.
smcv
_______________________________________________
systemd-devel mailing list
systemd-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: Password agent for user services
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: Password agent for user services
- From: Simon McVittie <smcv@xxxxxxxxxxxxx>
- Date: Tue, 28 May 2019 14:05:34 +0100
- In-reply-to: <20190520094942.GE27329@gardel-login>
- References: <20190513183036.GG13687@blackbody.suse.cz> <20190520094942.GE27329@gardel-login>
- User-agent: Mutt/1.10.1 (2018-07-13)
- References:
- Password agent for user services
- From: Michal Koutný
- Re: Password agent for user services
- From: Lennart Poettering
- Password agent for user services
- Prev by Date: Re: How to get hardware watchdog status when using systemd
- Next by Date: Re: SystemCallFilter
- Previous by thread: Re: Password agent for user services
- Next by thread: [PATCH] ask-password: prevent buffer overrow when reading from keyring
- Index(es):
 |