Qortal/Brooklyn
3
0
Fork 1
mirror of https://github.com/Qortal/Brooklyn.git synced 2025-02-15 11:45:54 +00:00
Code Issues Projects Releases Wiki Activity
Brooklyn/plasma/workspace/doc/PolicyKit-kde/authorizationagent.docbook
Raziel K. Crowe 0d174a3fe6 Plasma desktop workspace tweaks
2022-03-05 22:41:29 +05:00

121 lines
4.2 KiB
Plaintext
Raw Blame History

<chapter id="authorizationagent">
<title>Authorization Agent</title>
<sect1 id="authorizationagent-overview">
<title>Manual</title>
<para>
The Authorization Agent is the application that is called whenever an user
wants to obtain a given authorization. It's a &DBus; activated daemon which
uses <quote>libpolkit-grant</quote> that in turn uses PAM for authentication
services (however, other authentication back-ends can be plugged in as required).
</para>
</sect1>
<sect1 id="authorizationagent-dialog">
<title>Authorization Agent dialog</title>
<para>
The appearance of the authentication dialog depends on the result from PolicyKit
and also whether administrator authentication is defined as <quote>authenticate as
the root user</quote> or <quote>authenticate as one of the users from UNIX group
wheel</quote> or however the PolicyKit library is configured (see the
PolicyKit.conf(5) manual page for details). Note that some of the screenshots below
were made on a system set up to use the
<ulink url="http://thinkfinger.sourceforge.net/">ThinkFinger</ulink>
PAM module. The text shown in the authentication dialogs stems from the PolicyKit
.policy XML files residing in /usr/share/PolicyKit/policy and is read by the
authentication daemon when an applications asks to obtain an authorization.
Thus, what the user sees is not under application control
(e.g. it's not passed from the application) which rules out a class of attacks
where applications are trying to fool the user into gaining a privilege.
</para>
<para>The authentication dialog where the user is asked to authenticate as root
using the password or swiping the finger.
The details shows the application that's requesting the action, the action
itself and the action vendor. If clicking in the action link it will open the
authorization manager pointing to the given action, and the vendor might also
provide a link for the given action that will be fired when clicking on the
<quote>Vendor</quote> link:</para>
<para>
<screenshot>
<mediaobject>
<imageobject><imagedata fileref="authdialog_1.png" format="PNG"/></imageobject>
<textobject><phrase>
The authentication dialog asking for root, swipe finger and showing descriptions
</phrase></textobject>
</mediaobject>
</screenshot>
</para>
<para>Authentication dialog where the user is asked to authenticate as an administrative
user and PolicyKit is configured to use the root password for this:</para>
<para>
<screenshot>
<mediaobject>
<imageobject><imagedata fileref="authdialog_2.png" format="PNG"/></imageobject>
<textobject><phrase>
The authentication dialog asking for root
</phrase></textobject>
</mediaobject>
</screenshot>
</para>
<para>Authentication dialog where the user is asked to authenticate as an administrative
user and PolicyKit is configured to use a group for this:</para>
<para>
<screenshot>
<mediaobject>
<imageobject><imagedata fileref="authdialog_3.png" format="PNG"/></imageobject>
<textobject><phrase>
The authentication dialog asking for a user of the administrative group
</phrase></textobject>
</mediaobject>
</screenshot>
</para>
<para>Same authentication dialog, showing drop down box where the user can be selected:</para>
<para>
<screenshot>
<mediaobject>
<imageobject><imagedata fileref="authdialog_4.png" format="PNG"/></imageobject>
<textobject><phrase>
Same authentication dialog, showing drop down box where the user can be selected
</phrase></textobject>
</mediaobject>
</screenshot>
</para>
<para>Authentication dialog showing an Action where the privilege can be retained indefinitely:</para>
<para>
<screenshot>
<mediaobject>
<imageobject><imagedata fileref="authdialog_5.png" format="PNG"/></imageobject>
<textobject><phrase>
Authentication dialog showing an Action where the privilege can be retained indefinitely
</phrase></textobject>
</mediaobject>
</screenshot>
</para>
<para>Authentication dialog showing an Action where the privilege can be retained only
for the remainder of the desktop session:</para>
<para>
<screenshot>
<mediaobject>
<imageobject><imagedata fileref="authdialog_6.png" format="PNG"/></imageobject>
<textobject><phrase>
Authentication dialog showing an Action where the privilege can be retained only
for the remainder of the desktop session
</phrase></textobject>
</mediaobject>
</screenshot>
</para>
</sect1>
</chapter>
Reference in New Issue View Git Blame Copy Permalink