Ssh – Enabling system management privileges for non-local users – How the heck does `polkit` work, anyways

centos, ssh, ssh-tunneling

I am managing a CentOS 6.2 server remotely using X over SSH (actually NX, but that's just a proxy).

Everything is working correctly, except when I try to do tasks that would normally require administrative permissions (such as things in palimpsest, or any other GUI tools).

When I try to do things which would trigger an authentication dialog (through polkit-gnome), the permissions dialog is silently failing, and the software is running as my user account, rather than root.

To clarify, if I change package settings using the package manager at the local console, I get a pop-up – "Authentication is required to (add/remove) packages".

If I do this remotely, the authentication fails, and I get an "Authorization Failed" dialog.

It seems to boil down to policykit configuration, but I've followed the polkit man pages, and edited my configuration, and it hasn't changed anything.


I can manage packages/do super-user stuff from the command line without any problems. However, I am very visually oriented, and much prefer a GUI when possible.


Ok, so it seems that I need to add a new rule to policykit.

Going off the man pages, I created a file (named 20-remote-admin-allow.pkla), and dropped it into /etc/polkit-1/localauthority/50-local.d/. Since there seem to be multiple polkit config directories, I copied the same file into /var/lib/polkit-1/localauthority/50-local.d/.

It does not appear to have changed anything.

Here is my config file, as mentioned above:

```
[root@cloaica zul]# cat /var/lib/polkit-1/localauthority/50-local.d/10-remote-admin-allow.pkla 
[Let remote users do admin stuff]
Identity=unix-user:zul
Action=*
ResultAny=auth_admin
ResultInactive=auth_admin
ResultActive=auth_self_keep

[root@cloaica zul]# cat /etc/polkit-1/localauthority/50-local.d/20-remote-admin-allow.pkla 
[Allow Remote Administraton]
Identity=unix-user:zul
Action=*
ResultAny=auth_admin
ResultInactive=auth_admin
ResultActive=auth_admin
[root@cloaica zul]# 
```

pkaction --verbose still reports

```
implicit any:      no
implicit inactive: no
```

for most actions, and said actions fail if I attempt them, with "Authentication Failed" dialog, as mentioned above.

Seriously, does anyone actually understand how polkit actually works?

Policykit seems to be an ongoing nightmare, and considering there used to be a GUI configuration tool and it was removed, I don't understand how anyone thought this was ready for release into a production OS.


To be clear, I like having the "please authenticate to perform this action" dialogs. I just want to actually have them, rather than having the system silently fail to authenticate.

I don't want to remove the entirety of polkit, just make it either think all sessions are active, or that inactive sessions get the same permissions as active sessions.
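As an added illustration (not part of the original post and not polkit's own code), the following Python models how the two posted `.pkla` entries would be matched for an active local, inactive local and remote session. It assumes the matching rules as I read them in pklocalauthority(8): `ResultActive` applies to active local sessions, `ResultInactive` to inactive local ones, `ResultAny` to everything else, and the last matching entry wins. The function names, the file order passed in, and the sample action ID are assumptions; `implicit` stands in for the action's implicit default, the value `pkaction --verbose` prints.

```python
import configparser
from fnmatch import fnmatchcase

# The two .pkla files exactly as posted in the question above.
VAR_LIB_PKLA = """\
[Let remote users do admin stuff]
Identity=unix-user:zul
Action=*
ResultAny=auth_admin
ResultInactive=auth_admin
ResultActive=auth_self_keep
"""
ETC_PKLA = """\
[Allow Remote Administraton]
Identity=unix-user:zul
Action=*
ResultAny=auth_admin
ResultInactive=auth_admin
ResultActive=auth_admin
"""
# Sample action ID (not from the page); Action=* matches any ID anyway.
ACTION = "org.freedesktop.packagekit.package-install"

def parse_pkla(text):
    """Return the authorization entries of one .pkla file as dicts."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str          # keep key case: ResultAny, not resultany
    cp.read_string(text)
    return [dict(cp[name]) for name in cp.sections()]

def result_key(is_local, is_active):
    """Which Result* key applies to a session (assumed selection rule)."""
    if is_local and is_active:
        return "ResultActive"
    return "ResultInactive" if is_local else "ResultAny"

def evaluate(files, identities, action, is_local, is_active, implicit="no"):
    """Last matching entry wins; an entry lacking the key changes nothing."""
    key, result = result_key(is_local, is_active), implicit
    for text in files:            # caller passes files in the order they are read
        for entry in parse_pkla(text):
            ids = [p for p in entry.get("Identity", "").split(";") if p]
            acts = [p for p in entry.get("Action", "").split(";") if p]
            id_ok = any(fnmatchcase(i, p) for i in identities for p in ids)
            act_ok = any(fnmatchcase(action, p) for p in acts)   # glob approximation
            if id_ok and act_ok and key in entry:
                result = entry[key]
    return result
```

Under this model the posted entries give `auth_admin` for a remote session of `unix-user:zul` regardless of file order, since both files set the same `ResultAny`.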

Best Answer

Can't say for certain you're having the exact same problem, but this is listed as a Fedora bug, as of Nov, 2011. I installed a clean CentOS 6, upgraded all packages and then had the same problem trying to remotely access and add a new package (something requiring auth).
