Comment # 6 on bug 1171115 from Fabian Vogt

I assume this happens because polkit-kde-authentication-agent-1 is killed
before the poweroff request is sent and the auth triggered.

Can you run "killall polkit-kde-authentication-agent-1;
/usr/lib64/libexec/polkit-kde-authentication-agent-1 &; disown" before
attempting a shut down? That should not get killed early and confirm the
theory.