[Pkg-utopia-maintainers] Bug#1023393: policykit-1: Not prompted to authenticate with my own identity any more
Sam Morris
sam at robots.org.uk
Thu Nov 3 11:51:52 GMT 2022
Package: polkitd
Version: 122-1
Severity: important
X-Debbugs-Cc: sam at robots.org.uk
Since updating to 122, polkit authentication prompts ask me to
authenticate as "Administrator" (root?) rather than my own user.
Here's my configuration:
# cat /etc/polkit-1/localauthority.conf.d/60-sam.conf
[Configuration]
AdminIdentities=unix-user:sam.morris at domain.example.com
# pkla-admin-identities
unix-user:sam.morris at domain.example.com
So it looks like polkitd-pkla still recognizes me as an administrator.
pkla-check-authorization however indicates that maybe my user is allowed
to connect/disconnect pre-existing network connections but is _not_
allowed to edit network connections. So maybe the problem is with
polkitd-pkla after all?
# pkla-check-authorization sam.morris at domain.example.com true true org.freedesktop.NetworkManager.network-control
yes
# pkla-check-authorization sam.morris at domain.example.com true true org.freedesktop.NetworkManager.settings.modify.system; echo $?
0
For the end to end test I'm running this command, which prompts me for
root's password rather than my own.
$ pkcheck -a org.freedesktop.NetworkManager.settings.modify.system -u -p $$
polkit\56dismissed=true
polkit\56retains_authorization_after_challenge=true
Authentication request was dismissed.
So based on that it's not clear to me whether the problem lies in
polkitd or polkitd-pkla...
Not sure whether the problem is with polkit itself or polkitd-pkla.
-- System Information:
Debian Release: 11.5
APT prefers stable-updates
APT policy: (570, 'stable-updates'), (570, 'stable-security'), (570, 'stable-debug'), (570, 'stable'), (550, 'testing-debug'), (550, 'testing'), (530, 'unstable-debug'), (530, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.19.0-1-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_USER
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Permissive - Policy name: default
Versions of packages policykit-1 depends on:
ii pkexec 122-1
ii polkitd 122-1
Versions of packages policykit-1 recommends:
ii polkitd-pkla 122-1
policykit-1 suggests no packages.
Versions of packages polkitd depends on:
ii adduser 3.118
ii dbus [default-dbus-system-bus] 1.12.24-0+deb11u1
ii libc6 2.35-4
ii libduktape207 2.7.0-1+b1
ii libexpat1 2.2.10-2+deb11u5
ii libglib2.0-0 2.74.1-1
ii libpam-systemd [logind] 251.6-1
ii libpam0g 1.4.0-9+deb11u1
ii libpolkit-agent-1-0 122-1
ii libpolkit-gobject-1-0 122-1
ii libsystemd0 251.6-1
ii systemd [systemd-sysusers] 251.6-1
ii xml-core 0.18+nmu1
Versions of packages polkitd suggests:
ii polkitd-pkla 122-1
-- no debconf information
More information about the Pkg-utopia-maintainers
mailing list