While backporting the patch to SLE15, I'm thinking about removing the pesign-authorize-users/groups scripts completely. For SLE/openSUSE, we never use the daemon mode to sign EFI images, and the signing script for the customers also just uses pesign directly. Besides, there was no complaint about the broken path in pesign.service.in, so I wonder if there is any real SLE/openSUSE user of daemon mode.