tangent: PolicyKit and PAM

Seth Vidal skvidal at fedoraproject.org
Tue Nov 24 18:53:51 UTC 2009

On Tue, 24 Nov 2009, Matthew Miller wrote:

> On Tue, Nov 24, 2009 at 01:27:40PM -0500, Matthias Clasen wrote:
>>> Like I said, this is a tangent, and I'm certainly not expecting anyone to
>>> work on this. But it'd be cool if they did.
>> Just as everybody else is struggling to get away from pam's awful
>> apis...I don't think this would be a step forward; but sure, it might be
>> doable.
> The awful API is actually an argument _for_ doing such a thing: it gets
> encapsulated away in only one place that needs to be maintained, and
> everyone can just write to PolicyKit.

And in general having the logging of security-elevation events be in the 
lowest common denominator piece of code or interface keeps important 
information from getting lost due to insufficient logging in a calling app.


More information about the security mailing list