On Tue, 2009-05-26 at 19:24 +0200, Dario Freddi wrote: > > But we might want to break it if something better than PAM comes along. > > But since libpolkit-agent-1.so is a small library, it shouldn't be very > > painful and so-name-transitions is a pretty well-understood thing > > anyway. > > My 2 cents: why not switching to a backend system? It would definitely make > the transition easier, should the case happen, and will save you a lot of > possible future work and binary compatibility of polkit-agent. I volunteer > for > helping you: if you're interested in such a thing, this is definitely the > right time.
Well, the $64,000 question is how the interface from the app to the authentication system is going to work, e.g. what is expressed in http://people.freedesktop.org/~david/polkit-HEAD/PolkitAgentSession.html which is rich enough for PAM and the non-PAM /etc/shadow stuff the Slackware people wants. For a multi-factor authentication system that has some features no-one has even written down yet, it's going to be a lot more complicated. I mean, it's not unrealistic you want such an authentication system to also cover cases where you authenticate someone over the network. I mean, people has lots of ideas about this - but not so many concrete ones. So I don't think it's going to be useful trying to redesign that interface until we're in a place where we know how a new authentication subsystem is going to work. Also, if one were to push for a new authentication subsystem the number one item you'd want would be PAM backwards compat. So things would work fine even if a distro switched to a new system. So, realistically, I don't think this is a big deal even if we were to transition to using another authentication subsystem, e.g. bump the soname for libpolkit-agent-1. Distros would just ship compat packages for libpolkit-agent-1.so. I mean, it would work because PolicyKit proper doesn't care about how you authenticate identities. Also, at the end of the day, an PolicyKit authentication agent is just a simple app that shows a dialog that interfaces with the authentication subsystem and talks to the PolicyKit daemon. Rewriting that won't cause changes in any apps and it wouldn't be a lot of work I think. David _______________________________________________ polkit-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/polkit-devel
