2009/11/18 Seth Vidal <skvidal(a)fedoraproject.org>:
> I may be wrong, but I understand that this behaviour of
PackageKit
> only applies to users with direct console access (i.e. not remote
> shells). So, only users that are logged in via GDM or TTY would be
> able to perform such tasks.
>
> This significantly limits the number of users with powers to install
> signed software -- almost to the point of where it sounds like a fair
> trade-off. If someone has physical access to the machine, then heck --
> it's not like they don't already effectively "own" it.
>
> Not saying it's a good default policy -- but let's cool our heads.
might be worth testing that feature with pkcon from an ssh terminal. I've
not done that yet but I think it would be worth checking out.
Looks to be the case:
bubba@localhost's password:
[bubba@smaug ~]$ uqm
Command not found. Install package 'uqm' to provide command 'uqm'? [N/y]
* Installing packages..
* Getting information..
* Resolving dependencies..
The following packages have to be installed:
autodownloader-0.3.0-3.fc12.noarch GUI-tool to automate the download
of certain files
Proceed with changes? [N/y]
* Waiting for authentication.. The transaction failed:
not-authorized, Failed to obtain authentication.
[bubba@smaug ~]$
Let's calm down now, please. :)
--
McGill University IT Security
Konstantin Ryabitsev
Montréal, Québec