Networking and the firewall (Was Re: Isn't it time for the encrypted file system???)
Matthew Miller
mattdm at mattdm.org
Thu Mar 30 22:26:47 UTC 2006
On Thu, Mar 30, 2006 at 12:55:22PM -0500, David Zeuthen wrote:
> Indeed, the whole idea of using polkit-su have been abandoned after
> discussion on on the hal list when someone from SUN and SUSE proposed a
> better approach. Isn't open development great?
Yes. :)
> However, it's all work in progress at the point and since it's rather
> complex and deals with privilege escalation I've started writing a spec
> how all this is supposed to work. I'm not done yet with the spec.. but
> this is how far I've got
> http://webcvs.freedesktop.org/*checkout*/hal/PolicyKit/doc/spec/polkit-spec.html
Okay, so no switching users at all. That looks pretty cool. I see "For
details (like what user to authenticate as) see XXX" -- it'd make me very
happy if XXX could include things like "for members of a given group, allow
auth-as-self" (as consolehelper currently does).
> and I hope at least the diagram explains what the point is. I do expect
> this to be baked at some point rather soon as it's holding back hal and
> gnome-mount releases :-) ... at least the difficult part of doing PAM
> over D-BUS is done and I already got proof of concept work.. so.. it's
> in a state of needing documentation of having a list of TODO's being
> worked on. If anyone wants to help out (I'm doing this mostly in my
> spare time as I'm tied up with other commitments at work) please join
> the hal list and send mail.
I'm interested but already horribly overcommitted. :)
--
Matthew Miller mattdm at mattdm.org <http://mattdm.org/>
Boston University Linux ------> <http://linux.bu.edu/>
More information about the Fedora-maintainers
mailing list