clock riddle

Todd Zullinger tmz at pobox.com
Tue Feb 24 05:18:55 UTC 2009


Michal Jaegermann wrote:
> On Mon, Feb 23, 2009 at 06:08:44PM -0500, Matthias Clasen wrote:
>> On Mon, 2009-02-23 at 15:57 -0700, Michal Jaegermann wrote:
>>> On Mon, Feb 23, 2009 at 02:13:03PM -0800, Adam Williamson wrote:
>>>>
>>>> For me (system is F10, updated to current Rawhide) it asks for user
>>>> password.
>
> Once.  And not the next time.  There is this "keep_always".
>
>> What exactly are we trying to establish here ?
>> Is that another riddle ?
>
> No, I misread the above in a hurry.
>
>> If you want to know the default policies, just
>> open /usr/share/PolicyKit/policy/org.gnome.clockapplet.mechanism.policy
>> and you will find that it is indeed
>>
>>   <allow_inactive>no</allow_inactive>
>>   <allow_active>auth_self_keep_always</allow_active>
>
> That can be modified through 'polkit-action --set-defaults-active ...'
> so this loop I have shown will print then something else.

I think Dan Walsh tried to address these PolicyKit defaults on the
fedora-security-list last November:

"PolicyKit Proliferation is a Security Disaster in the making"
http://www.redhat.com/archives/fedora-security-list/2008-November/msg00000.html

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
When I think about all the crap I learned in high school ... it's a
wonder I can think at all.
    -- Paul Simon

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 542 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-test-list/attachments/20090224/820b9a85/attachment.sig>


More information about the fedora-test-list mailing list