[CentOS] How do graphical admin tools requiring root get authentication?

Les Mikesell lesmikesell at gmail.com
Mon Mar 17 17:58:06 UTC 2014 

On Mon, Mar 17, 2014 at 10:18 AM, Samuel Winchenbach <swinchen at gmail.com> wrote:
> Well the slow dialog isn't the problem so much.
>
> I have disabled selinux just to remove one variable from the problem!
>
> Here are a list of applications and if they prompt for the root password
> correctly:
> "Add/Remove Software" -  Application start fine, but when I click apply I
> get "Authorization Failed" dialog box.
> "Authentication" - Works great!
> "Firewall" - I get an
> org.fedoraproject.slip.dbus.service.PolKit.NotAuthroized.org.fedoraproject.config.firewall.auth
> error dialog box on start.
> "Services" - Application starts fine, but it never prompts for root
> password and none of the buttons (enable, disable, start, stop, restart)
> seem to do anything
> "Software Update" - Application starts fine but "Install Updates" doesn't
> do anything.
> "Users and Groups" - Works great!
>
> So it is strange that "Authentication" and "Users and Groups" work great,
> but the other fail one way or another.  Different authentication
> mechanisms?  I am really quite lost.

I was assuming that this behavior was different from a freenx/NX
session but I see approximately the same thing where the apps that are
links to consolehelper with the matching name configured under
/etc/pam.d/ (system-config-authentication, etc.) work with with a
password prompt as needed, but not the ones that are just python
(system-config-firewall, etc.)   My ck-list-sessions says:
$ ck-list-sessions
 Session2:
      unix-user = '500'
      realname = '(null)'
      seat = 'Seat1'
      session-type = ''
      active = TRUE
      x11-display = ':0'
      x11-display-device = '/dev/tty1'
      display-device = ''
      remote-host-name = ''
      is-local = TRUE
      on-since = '2014-02-27T20:46:01.675451Z'
      login-session-id = '1'
      idle-since-hint = '2014-02-27T22:36:31.861340Z'

I don't know what most of that means, but my X display is definitely not :0.
$ echo $DISPLAY
 :1320.0

So something is not right here...   Googleing for that
org.fedoraproject.slip.dbus.service.PolKit.NotAuthorizedException.org.fedoraproject.config.firewall.auth:
  error turns up a bunch of hits but I couldn't find a real fix to
make the password prompt happen.   Seems to be controlled by stuff
related to PolicyKit, and maybe something to do with the magic that
happens when you log in on the console device.  I don't believe much
in magic, so I've always thought that was a very strange concept for
an inherently multiuser OS.

-- 
   Les Mikesell
      lesmikesell at gmail.com

More information about the CentOS mailing list