tangent: PolicyKit and PAM
skvidal at fedoraproject.org
Tue Nov 24 18:53:51 UTC 2009
On Tue, 24 Nov 2009, Matthew Miller wrote:
> On Tue, Nov 24, 2009 at 01:27:40PM -0500, Matthias Clasen wrote:
>>> Like I said, this is a tangent, and I'm certainly not expecting anyone to
>>> work on this. But it'd be cool if they did.
>> Just as everybody else is struggling to get away from pam's awful
>> apis...I don't think this would be a step forward; but sure, it might be
> The awful API is actually an argument _for_ doing such a thing: it gets
> encapsulated away in only one place that needs to be maintained, and
> everyone can just write to PolicyKit.
And in general having the logging of security-elevation events be in the
lowest common denominator piece of code or interface keeps important
information from getting lost due to insufficient logging in a calling app.
More information about the security