https://bugzilla.novell.com/show_bug.cgi?id=850807 https://bugzilla.novell.com/show_bug.cgi?id=850807#c13 --- Comment #13 from Sebastian Krahmer <krahmer@suse.com> 2014-07-14 12:47:22 UTC --- We can discuss whether enrolling is something that should be possible by users or admin-only (do not forget to include the fix http://bugzillafiles.novell.org/attachment.cgi?id=542285 in either case.) However I wonder that verify needs to be whitelisted for users, because fprintd is contacted via pam_fprint, which means the code that tries to verify the user already runs privileged via the PAM stack. So auth_admin:auth_admin:auth_admin should work at least. What might happen is that you try to authorize via sudo-like program and the PAM stack is running with euid=0 and uid=user so that the polkit stack is confused and returns 'user' when looking up the originator of the dbus-connection thats initiated by pam_fprint. In fact it should alredy return 'admin' as its triggered from the PAM stack during an already privileged operation. I'd try to check with my setup and if we can make a small fix for pam_fprint. If that doesnt work we have to relax the polkit rules :/ -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.