Lørdag den 19. november 2011 12:24:17 skrev Kim D. Leyendecker:

*Before* reading my mail, please note: openSUSE 11.4 ran perfect on my machine, after the upgrade to 12.1, networkmanager doesn't run at all.I can't connect to my router anymore (which worked yesterday, even with 12.1). The result is a completely angry user, who just wants his sane and working 11.4-like system back. Please excuse my offending mail, but I'm boiling totally.

My problem:

After the upgrade, NetworkManager doesn't ran anymore. I did some searching and fixed the problem. Now, today, I started my machine but NM can't connect anymore. It just says something like:

Wait for authorization

On 11.4 it used to be KWallet which asked my a password for NM. With 12.1 it's a KDE-su like one.

Does anyone else has the problem? I'm writing from my notebook because my workstation isn't connected anymore.

The fantastic new completely refactored NM 0.9 now needs root privs to create or edit connections... But why use NetworkManager on a workstation to begin with? Using NM only makes sense when you have to connect to different networks _often_. You should use ifup on a workstation and save yourself the agony. And see /var/log/NetworkManager for more detailed information on what goes wrong. If plasmoid-networkmanagement is failing, try the gnome applet to see if the problem is with the applet or the backend. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Martin Schlander wrote:

The fantastic new completely refactored NM 0.9 now needs root privs to create or edit connections...

This is an incredibly stupid and short sighted decision that will impair adoption of Linux in corporate environments. These days, companies often provide employees with notebook computers, with the expectation they will be used elsewhere. They are also often not in the habit of giving employees admin or root access. This means an employee, at home, travelling on business or just in the local coffee shop, will not be able to use WiFi, unless that company is prepared to send someone with root access along with them. In many locations, WiFi is the only option, as Ethernet is not available. Unless there is some way for an admin to turn off this "feature", it will cause problems for corporate users. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On Sat, Nov 19, 2011 at 13:46, James Knott wrote:

This is an incredibly stupid and short sighted decision that will impair adoption of Linux in corporate environments.  These days, companies often provide employees with notebook computers, with the expectation they will be used elsewhere.  They are also often not in the habit of giving employees admin or root access.  This means an employee, at home, travelling on business or just in the local coffee shop, will not be able to use WiFi, unless that company is prepared to send someone with root access along with them.  In many locations, WiFi is the only option, as Ethernet is not available.  Unless there is some way for an admin to turn off this "feature", it will cause problems for corporate users.

So you didn't read/see Stefan Seyfried's reply in the other thread you participated in on this same topic? Quoting Stefan: "Just uncheck the "available to all users" box in nm-connetion-editor and you won't need root." So.. on to the next rant then, err, I mean discussion :-) C. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On Saturday, November 19, 2011 03:03:54 PM C wrote:

Quoting Stefan: "Just uncheck the "available to all users" box in nm-connetion-editor and you won't need root."

So.. on to the next rant then, err, I mean discussion

C. -- I never have that checked, and it still asks for root authorization. Two machines. -- Roger Luedecke openSUSE Ambassador Ind. Repairs and Consulting **Looking for a C++ etc. mentor*** -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

2011/11/19 James Knott :

Martin Schlander wrote:

...

The fantastic new completely refactored NM 0.9 now needs root privs to create or edit connections...

This is an incredibly stupid and short sighted decision that will impair adoption of Linux in corporate environments.  These days, companies often provide employees with notebook computers, with the expectation they will be used elsewhere.  They are also often not in the habit of giving employees admin or root access.  This means an employee, at home, travelling on business or just in the local coffee shop, will not be able to use WiFi, unless that company is prepared to send someone with root access along with them.  In many locations, WiFi is the only option, as Ethernet is not available.  Unless there is some way for an admin to turn off this "feature", it will cause problems for corporate users.

Very nice, but you missed one point, you only need root if you tick the option to make it available for all users... So all of this is really FUD. Have a nice day. NM

-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

-- Nelson Marques /* http://www.marques.so   nmo.marques@gmail.com */ -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Am Samstag, 19. November 2011, 20:18:46 schrieb Nelson Marques:

Very nice, but you missed one point, you only need root if you tick the option to make it available for all users... So all of this is really FUD.

https://bugzilla.novell.com/show_bug.cgi?id=713639 https://bugzilla.gnome.org/show_bug.cgi?id=646187 http://mail.gnome.org/archives/networkmanager-list/2011- September/msg00216.html Sven -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Am Samstag, 19. November 2011, 15:41:03 schrieb James Knott:

So, as far as I can tell, it is not possible to configure a WiFi connection without the root password in 12.1. I just tried again in 11.4 and the process is much the same, but no password required.

You are right. It's called "system connection" in KDE's applet and "available for all users" in nm-applet but they do the same. Read the bug reports I posted, the issue is known. Root is only needed for creating the connection because it is saved outside user-space. Connecting however works without root password. The thing that bugs me most about it is that formating / and keeping /home does still remove all network connections. Sven -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Sven Burmeister wrote:

Am Samstag, 19. November 2011, 20:18:46 schrieb Nelson Marques:

...

Very nice, but you missed one point, you only need root if you tick the option to make it available for all users... So all of this is really FUD.

https://bugzilla.novell.com/show_bug.cgi?id=713639 https://bugzilla.gnome.org/show_bug.cgi?id=646187 http://mail.gnome.org/archives/networkmanager-list/2011- September/msg00216.html

Sven

So, it appears someone didn't consider the implications of this "feature". It's going to be a show stopper for corporate users. While it may be working as designed, the design is seriously flawed. Hopefully it gets fixed soon. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Why is that if is you can configure them on a per/user basis ? NM 2011/11/19 James Knott :

Sven Burmeister wrote:

...

Am Samstag, 19. November 2011, 20:18:46 schrieb Nelson Marques:

...

Very nice, but you missed one point, you only need root if you tick the option to make it available for all users... So all of this is really FUD.

https://bugzilla.novell.com/show_bug.cgi?id=713639 https://bugzilla.gnome.org/show_bug.cgi?id=646187 http://mail.gnome.org/archives/networkmanager-list/2011- September/msg00216.html

Sven

So, it appears someone didn't consider the implications of this "feature".  It's going to be a show stopper for corporate users.

While it may be working as designed, the design is seriously flawed.  Hopefully it gets fixed soon.

-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

-- Nelson Marques /* http://www.marques.so   nmo.marques@gmail.com */ -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Nelson Marques wrote:

Why is that if is you can configure them on a per/user basis ?

An employee goes on a business trip and has to use WiFi to set up a VPN back to the corporate network. WiFi has to be used because hotels generally do not provide Ethernet. How does he set up the WiFi connection, at the hotel, if he doesn't have the root password? Is the company going to send out someone to configure the WiFi? As I mentioned in another note, I tried to set up a configuration for a single user and guess what? By default it sets up for a single user and still requires root password to do so. There is no method that I could see that allowed configuration of a WiFi connection without root password. Have you tried it in 12.1? I have many times and always had to use the root password. This makes 12.1 unsuitable for corporate users that expect to use WiFi away from the office. Even in the office, they'll have to get support to configure it for the office network. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Am Samstag, 19. November 2011, 16:31:57 schrieb James Knott:

Sven Burmeister wrote:

...

Read the bug reports I posted, the issue is known. Root is only needed for creating the connection because it is saved outside user-space. Connecting however works without root password.

As owner of my computers, it's not a problem to enter the root password. However, it is a serious problem in corporate environments, where a user, who likely won't have the root password, will not be able to use WiFi at home or elsewhere. It's an extremely *STOOPID* design.

I think it does make sense to be able to restrict users to not be able to add more network configs. Whether it should be default is debatable. But allowing everybody to add connections and thus working around the connections set-up by the admin can also be a security risk for corporate IT. I'm not sure but there should be a policy-kit setting somewhere to allow everybody to create connections. Sven -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On 19.11.2011 12:52, Martin Schlander wrote:

Lørdag den 19. november 2011 12:24:17 skrev Kim D. Leyendecker:

...

On 11.4 it used to be KWallet which asked my a password for NM. With 12.1 it's a KDE-su like one.

Does anyone else has the problem? I'm writing from my notebook because my workstation isn't connected anymore.

I don't, with all my 12.1 installations. Try nm-applet if KDE fails.

The fantastic new completely refactored NM 0.9 now needs root privs to create or edit connections...

No, it doesn't. Only if you want to create a "system connection", that's the "make this connection available to all users" checkbox. Unfortunately, this checkbox now seems to be the default. If you uncheck it, no root permissions are needed. -- Stefan Seyfried "Dispatch war rocket Ajax to bring back his body!" -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Am Sonntag, 20. November 2011, 01:52:32 schrieb Stefan Seyfried:

I don't, with all my 12.1 installations. Try nm-applet if KDE fails.

That won't help since it's a NetworkManager issue.

...

The fantastic new completely refactored NM 0.9 now needs root privs to create or edit connections...

No, it doesn't. Only if you want to create a "system connection", that's the "make this connection available to all users" checkbox.

Unfortunately, this checkbox now seems to be the default. If you uncheck it, no root permissions are needed.

Wrong, please read the bug reports linked in this thread. Creating a connection does always need root privileges. Sven -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On 19.11.2011 19:43, Roger Luedecke wrote:

...

I never have that checked, and it still asks for root authorization. Two machines.

nm-applet? or KDE?

On Sunday, November 20, 2011 01:53:45 AM Stefan Seyfried wrote: plasmoid-nm I do not remember if nm-applet needs it too since I only used it once to configure my Mobile Broadband. http://wstaw.org/m/2011/11/20/nmneedsrootafterputtinginwifipassword.png -- Roger Luedecke openSUSE Ambassador Ind. Repairs and Consulting **Looking for a C++ etc. mentor*** -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On 20.11.2011 01:59, Sven Burmeister wrote:

Wrong, please read the bug reports linked in this thread. Creating a connection does always need root privileges.

Definitely not here. Nice to see that you know my setup better than I do. -- Stefan Seyfried "Dispatch war rocket Ajax to bring back his body!" -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On Sunday, November 20, 2011 02:40:57 AM Stefan Seyfried wrote:

On 20.11.2011 01:59, Sven Burmeister wrote:

...

Wrong, please read the bug reports linked in this thread. Creating a connection does always need root privileges.

Definitely not here. Nice to see that you know my setup better than I do. Did you do something different to your setup? Mine is default since policykit is greek to me.

Is it possible that for some reason the configurations may be different on different installations? -- Roger Luedecke openSUSE Ambassador Ind. Repairs and Consulting **Looking for a C++ etc. mentor*** -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Kim Leyendecker wrote:

Anyway, you shouldn´t discuss it here. It would be better to right talk with the upstream projects instead of having endless discussions here (and also spamming our mailboxes ;-) ).

So, please go upstream with it, this would be more helpful for us all :-)

I am an openSUSE user, discussing bugs in openSUSE and even participate in the bug reporting. I expect the builders to take responsibility for the distro problems and if necessary, take them upstream. Your idea is like asking a car owner to discuss problems with an OEM parts maker, because Ford, GM, etc. didn't make the part causing the problem. BTW, I used to do 3rd level support at IBM Canada and if there was a problem with one of my products, it was my responsibility to take it to the developers, even if at another company, if necessary. I'd get fired if I ever told a user to contact the developers themselves. I got my distro from openSUSE and not KDE, so it's openSUSE I deal with. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Stefan Seyfried wrote:

On 19.11.2011 19:43, Roger Luedecke wrote:

...

I never have that checked, and it still asks for root authorization. Two machines.

nm-applet? or KDE?

I believe its nm-applet. I see something that's called nm09. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On Saturday, November 19, 2011 10:43:20 PM James Knott wrote:

Martin Schlander wrote:

...

Lørdag den 19. november 2011 21:11:18 skrev James Knott:

...

C wrote:

...

So you didn't read/see Stefan Seyfried's reply in the other thread you participated in on this same topic?

Quoting Stefan: "Just uncheck the "available to all users" box in nm-connetion-editor and you won't need root."

Actually, I don't recall seeing that one.

In the KDE plasmoid it's called "System connections"

I have never selected that and I've always had to enter the root password in 12.1. I never had to in 11.4 or earlier. I ran some tests to double check it. Both GNOME and KDE require root no matter what option you check or uncheck. -- Roger Luedecke openSUSE Ambassador Ind. Repairs and Consulting **Looking for a C++ etc. mentor*** -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Am Samstag, 19. November 2011, 16:31:57 schrieb James Knott:

...

Sven Burmeister wrote:

...

Read the bug reports I posted, the issue is known. Root is only needed for creating the connection because it is saved outside user-space. Connecting however works without root password.

As owner of my computers, it's not a problem to enter the root password. However, it is a serious problem in corporate environments, where a user, who likely won't have the root password, will not be able to use WiFi at home or elsewhere. It's an extremely *STOOPID* design.

I think it does make sense to be able to restrict users to not be able to add more network configs. Whether it should be default is debatable. But allowing everybody to add connections and thus working around the connections set-up by the admin can also be a security risk for corporate IT.

I'm not sure but there should be a policy-kit setting somewhere to allow everybody to create connections.

Sven As far as it being an issue of corporate IT though, one could safely assume

On Sunday, November 20, 2011 01:33:17 AM Sven Burmeister wrote: that their tech guy would know the need to restrict and could institute the policy. Having it set as default becomes an issue to new users potentially, whereas a corporate security scenario would be audited anyway. Having it as default behavior serves no purpose. -- Roger Luedecke openSUSE Ambassador Ind. Repairs and Consulting **Looking for a C++ etc. mentor*** -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Sven Burmeister wrote:

...

I think it does make sense to be able to restrict users to not be able to add more network configs. Whether it should be default is debatable. But allowing everybody to add connections and thus working around the connections set-up by the admin can also be a security risk for corporate IT.

I'm not sure but there should be a policy-kit setting somewhere to allow everybody to create connections.

I don't have a problem with it being an option controlled by root, but the way things are, employees are expected to be able to set up a Wifi connection when away from the office. With 12.1, it is apparently impossible to do so.

Apparenty, this problem is due to the settings being stored in a non user area. Perhaps the solution for this is to make that area group writeable. Anyone know where that stuff is stored? From what I can tell, it looks more like its a setting in policy kit. But as

On Saturday, November 19, 2011 11:08:27 PM James Knott wrote: policy kit is greek to me I can't say for certain. -- Roger Luedecke openSUSE Ambassador Ind. Repairs and Consulting **Looking for a C++ etc. mentor*** -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Am Samstag, 19. November 2011, 23:12:53 schrieb James Knott:

Sven Burmeister wrote:

...

So DoD wants their users to be able to connect to any network and thus give that network access to the computer, leaving alone connecting to insecure networks etc.? Does not make sense to me.

It is possible to increase security by methods such as mandatory firewall limiting connections, forcing VPN to start and changing the default route to the VPN. However, this is why I said it should be configurable by root, so that it can be implemented if necessary.

Indeed. One might change the default policy settings and leave it to the admin to make them more restrictive if needed. If you read the bug at gnome.org that's what they try to implement, including not asking for a root password in case the connection should only be available to the user that creates it. Sven -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Am Samstag, 19. November 2011, 23:16:51 schrieb James Knott:

Roger Luedecke wrote:

...

...

I believe its nm-applet. I see something that's called nm09.

This issue happens with both the GNOME and KDE NetworkManager GUI's.

Well, that proves it. We'll have to take it upstream to KDE. ;-)

Not in this particular case, but bugs that are not openSUSE specific should always be taken upstream and if a fix is available you can mediate it via openSUSE's bugzilla in case it's worth an official update. Sven -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Sven Burmeister wrote:

How frustrated does one have to be to be that narrow-minded? And ignorant about the reports mentioned in this thread as well. But thanks for showing where your "criticism" comes from.

I guess you missed the ";-)" in my message and the ":-)" in the one you're replying to. We were being sarcastic. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On 20.11.2011 02:51, Roger Luedecke wrote:

On Sunday, November 20, 2011 02:40:57 AM Stefan Seyfried wrote:

...

On 20.11.2011 01:59, Sven Burmeister wrote:

...

Wrong, please read the bug reports linked in this thread. Creating a connection does always need root privileges.

Definitely not here. Nice to see that you know my setup better than I do. Did you do something different to your setup? Mine is default since policykit is greek to me.

Not knowingly, but the machine is updated since ~11.2 with Factory constantly, so something I had to set as a bug workaround years ago might now save my day. Hint: the same will probably be true for the developers and so this unfortunate bug crept in. So what. Had everyone done his duty during beta-test this could have been caught. Now people are stealing the developers precious time with useless discussions here about something that's simply a bug. Were I Will, I would call for the Censor^WModerator of this list to avoid this waste of time ;-)

Is it possible that for some reason the configurations may be different on different installations?

It is of course not impossible, but I doubt it. -- Stefan Seyfried "Dispatch war rocket Ajax to bring back his body!" -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On Sunday 20 Nov 2011 15:50:48 Stefan Seyfried wrote:

On 20.11.2011 02:51, Roger Luedecke wrote:

...

On Sunday, November 20, 2011 02:40:57 AM Stefan Seyfried wrote:

...

On 20.11.2011 01:59, Sven Burmeister wrote:

...

Wrong, please read the bug reports linked in this thread. Creating a connection does always need root privileges.

Definitely not here. Nice to see that you know my setup better than I do.

Did you do something different to your setup? Mine is default since policykit is greek to me.

Not knowingly, but the machine is updated since ~11.2 with Factory constantly, so something I had to set as a bug workaround years ago might now save my day.

Hint: the same will probably be true for the developers and so this unfortunate bug crept in. So what. Had everyone done his duty during beta-test this could have been caught.

Now people are stealing the developers precious time with useless discussions here about something that's simply a bug.

Were I Will, I would call for the Censor^WModerator of this list to avoid this waste of time ;-)

As Will, I think I've just removed the point of this little spat with my other mail on this thread, but thanks for calling me names. Now would you care to check why your system does not throw a polkit dialog on creating a new unshared connection (org.freedesktop.NetworkManager.settings.modify.own)? See the value of POLKIT_DEFAULT_PRIVS in /etc/sysconfig/security and check the appropriate SUSE specific overrides (/etc/polkit-default- privs.* and .local) If those are missing, I wonder whether the SUSE patch would fall back to the more permissive upstream NM default, ie /usr/share/polkit-1/actions/org.freedesktop.NetworkManager.policy Will

...

Is it possible that for some reason the configurations may be different on different installations?

It is of course not impossible, but I doubt it.

-- Will Stephenson, openSUSE Team SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 21284 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On 20.11.2011 16:55, Will Stephenson wrote:

Now would you care to check why your system does not throw a polkit dialog on creating a new unshared connection (org.freedesktop.NetworkManager.settings.modify.own)?

See the value of POLKIT_DEFAULT_PRIVS in /etc/sysconfig/security and check the appropriate SUSE specific overrides (/etc/polkit-default- privs.* and .local)

susi:~ # grep POLKIT_DEFAULT_PRIVS /etc/sysconfig/security POLKIT_DEFAULT_PRIVS="" susi:/etc # grep NetworkManager -r polkit* polkit-default-privs.restrictive:org.freedesktop.NetworkManager.enable-disable-network auth_admin polkit-default-privs.restrictive:org.freedesktop.NetworkManager.enable-disable-wifi auth_admin polkit-default-privs.restrictive:org.freedesktop.NetworkManager.enable-disable-wwan auth_admin polkit-default-privs.restrictive:org.freedesktop.NetworkManager.use-user-connections auth_admin polkit-default-privs.restrictive:org.freedesktop.NetworkManager.network-control auth_admin polkit-default-privs.restrictive:org.freedesktop.NetworkManager.sleep-wake auth_admin polkit-default-privs.restrictive:org.freedesktop.NetworkManager.enable-disable-wimax auth_admin polkit-default-privs.restrictive:org.freedesktop.NetworkManager.wifi.share.protected auth_admin polkit-default-privs.restrictive:org.freedesktop.NetworkManager.wifi.share.open auth_admin polkit-default-privs.restrictive:org.freedesktop.NetworkManager.settings.modify.own auth_admin_keep polkit-default-privs.restrictive:org.freedesktop.NetworkManager.settings.modify.system auth_admin_keep polkit-default-privs.restrictive:org.freedesktop.NetworkManager.settings.modify.hostname auth_admin polkit-default-privs.standard:org.freedesktop.NetworkManager.enable-disable-network auth_admin:auth_admin:yes polkit-default-privs.standard:org.freedesktop.NetworkManager.enable-disable-wifi auth_admin:auth_admin:yes polkit-default-privs.standard:org.freedesktop.NetworkManager.enable-disable-wwan auth_admin:auth_admin:yes polkit-default-privs.standard:org.freedesktop.NetworkManager.use-user-connections auth_admin:auth_admin:yes polkit-default-privs.standard:org.freedesktop.NetworkManager.network-control auth_admin:auth_admin:yes polkit-default-privs.standard:org.freedesktop.NetworkManager.sleep-wake auth_admin:auth_admin:yes polkit-default-privs.standard:org.freedesktop.NetworkManager.enable-disable-wimax auth_admin:auth_admin:yes polkit-default-privs.standard:org.freedesktop.NetworkManager.wifi.share.protected auth_admin polkit-default-privs.standard:org.freedesktop.NetworkManager.wifi.share.open auth_admin polkit-default-privs.standard:org.freedesktop.NetworkManager.settings.modify.own auth_admin_keep polkit-default-privs.standard:org.freedesktop.NetworkManager.settings.modify.system auth_admin_keep polkit-default-privs.standard:org.freedesktop.NetworkManager.settings.modify.hostname auth_admin susi:/etc # rpm -V polkit-default-privs susi:/etc # So it looks to my untrained eye as it should not work :-) I was messing around a long time ago with the kde4 policykit settings module in systemsettings. Maybe this made me "always admin"? Does anybody know how to "reset to factory setting" the policykit stuff without a clean reinstall?

If those are missing, I wonder whether the SUSE patch would fall back to the more permissive upstream NM default, ie /usr/share/polkit-1/actions/org.freedesktop.NetworkManager.policy

Well I don't think they are missing here me, but the closer I'm looking at it, the stranger it is that it actually works ;-) -- Stefan Seyfried "Dispatch war rocket Ajax to bring back his body!" -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On Sunday 20 November 2011 16:55:27 Will Stephenson wrote:

If those are missing, I wonder whether the SUSE patch would fall back to the more permissive upstream NM default, ie /usr/share/polkit-1/actions/org.freedesktop.NetworkManager.policy

We seriously truly need a good GUI admin interface for PolicyKit, that will take all the configuration files, and present the current settings in a comprehensive manner, and allow an admin to make changes. Having to scour the file system for configuration files, hoping to have found all configured locations for them, and all possible places a particular setting is, is - and I don't think this is hyperbole - madness. PolicyKit I'm sure was introduced to make things easier, but the truth is that it's a fricking mess of magnificent proportions (no prizes for guessing which company is responsible for it) and it desperately needs to be cleaned up I really hope someone who really understands PolicyKit could write something like that I also really wish we would stop allowing Red Hat to destroy our OS Anders -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Anders Johansson wrote:

On Sunday 20 November 2011 16:55:27 Will Stephenson wrote:

...

If those are missing, I wonder whether the SUSE patch would fall back to the more permissive upstream NM default, ie /usr/share/polkit-1/actions/org.freedesktop.NetworkManager.policy

We seriously truly need a good GUI admin interface for PolicyKit, that will take all the configuration files, and present the current settings in a comprehensive manner, and allow an admin to make changes.

Having to scour the file system for configuration files, hoping to have found all configured locations for them, and all possible places a particular setting is, is - and I don't think this is hyperbole - madness. PolicyKit I'm sure was introduced to make things easier, but the truth is that it's a fricking mess of magnificent proportions (no prizes for guessing which company is responsible for it) and it desperately needs to be cleaned up

I really hope someone who really understands PolicyKit could write something like that

I also really wish we would stop allowing Red Hat to destroy our OS

Anders

There appears to be another bug (#727857) that's caused by that policykit. At the moment, I can't connect via WiFi, because nm is waiting for authorization. The access point is working properly and I can connect to it, if I reboot into Windows 7. Further, when managing connections and root password is needed, the password box is usually hidden. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On Sunday 20 November 2011, Anders Johansson wrote:

I really hope someone who really understands PolicyKit could write something like that

I also really wish we would stop allowing Red Hat to destroy our OS

Hehe, I'd like to maintain a non-poettering openSUSE branch! I wonder if this could be done having a few people working on it? cu, Rudi -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On 20.11.2011 17:49, Anders Johansson wrote:

What do you have in /etc/polkit-1/localauthority.conf.d ?

bingo: susi:/etc/polkit-1/localauthority.conf.d # grep -v ^# * 50-localauthority.conf: 50-localauthority.conf:[Configuration] 50-localauthority.conf:AdminIdentities=unix-user:0 75-polkitkde.conf:[Configuration] 75-polkitkde.conf:AdminIdentities=unix-user:seife susi:/etc/polkit-1/localauthority.conf.d # l * -rw-r--r-- 1 root root 267 Nov 11 09:36 50-localauthority.conf -rw-rw-r-- 1 root root 48 Nov 4 2010 75-polkitkde.conf So no wonder I'm allowed to do everything :-) -- Stefan Seyfried "Dispatch war rocket Ajax to bring back his body!" -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On Sunday, November 20, 2011 05:59:38 PM Anders Johansson wrote:

On Sunday 20 November 2011 16:55:27 Will Stephenson wrote:

...

If those are missing, I wonder whether the SUSE patch would fall back to the more permissive upstream NM default, ie /usr/share/polkit-1/actions/org.freedesktop.NetworkManager.policy

We seriously truly need a good GUI admin interface for PolicyKit, that will take all the configuration files, and present the current settings in a comprehensive manner, and allow an admin to make changes.

Having to scour the file system for configuration files, hoping to have found all configured locations for them, and all possible places a particular setting is, is - and I don't think this is hyperbole - madness. PolicyKit I'm sure was introduced to make things easier, but the truth is that it's a fricking mess of magnificent proportions (no prizes for guessing which company is responsible for it) and it desperately needs to be cleaned up

I really hope someone who really understands PolicyKit could write something like that

I also really wish we would stop allowing Red Hat to destroy our OS

Anders I was looking at the policy kit thingamabob in Sytem Settings and it looks robust, and not too complicated. Having the help files actually having some documentation would be the biggest help I could imagine. -- Roger Luedecke openSUSE Ambassador Ind. Repairs and Consulting **Looking for a C++ etc. mentor*** -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Gah, I wish I'd joined this thread earlier before the flames started. This issue is due to SUSE-specific excessively (IMO) strict default PolicyKit-1 configuration for NetworkManager, not KDE or GNOME:

https://bugzilla.novell.com/show_bug.cgi?id=716291

Comment #9 gives a workaround that restores the 11.4 behaviour, that I think should be the default. I was looking at the policykit sytem setting module last night since the

On Sunday, November 20, 2011 04:45:48 PM Will Stephenson wrote: dialog for authentication referenced policy kit. From what I could tell (I can't find proper documentation, so it may be purely guesswork) the settings regarding NetworkManager seem to be such that the behavior should be akin to 11.4. However, if our sytem policies are not implemented correctly... that is that the module is not displaying accurate information, then we have done something horribly wrong. Also, it seems rather strange that I can fiddle with policykit settings in there with no authentication. Seems like a bigger security risk than a looser wifi thingamajig. -- Roger Luedecke openSUSE Ambassador Ind. Repairs and Consulting **Looking for a C++ etc. mentor*** -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On 11/20/2011 03:35 PM, James Knott wrote:

James Knott wrote:

...

There appears to be another bug (#727857) that's caused by that policykit. At the moment, I can't connect via WiFi, because nm is waiting for authorization. The access point is working properly and I can connect to it, if I reboot into Windows 7. Further, when managing connections and root password is needed, the password box is usually hidden.

Not only does it frequently fail to connect. It also drops existing connections. WiFi in 12.1 appears to be very flakey.

That does not conform with my experience. Connections are quick and stable for most drivers. What device do you have? Larry -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On Sunday 20 November 2011 23:08:39 C wrote:

The work around, is to force the network manager to disconenct, then edit the connection - you will see that it has forgotten the WiFi password. Enter it and save then try reconnecting... it might timeout again... [...]

That's what I experienced here with 12.1 on an Acer Travelmate 5735Z-452G32Mnss. After a while I found a workaround: when I HW-disable wifi (via acer-wmi key) and re-enable it, the access point is always found and automatically used, just like it was with 11.4 (up to the last tumbleweed kernel). m. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Larry Finger wrote:

On 11/20/2011 03:35 PM, James Knott wrote:

...

James Knott wrote:

...

There appears to be another bug (#727857) that's caused by that policykit. At the moment, I can't connect via WiFi, because nm is waiting for authorization. The access point is working properly and I can connect to it, if I reboot into Windows 7. Further, when managing connections and root password is needed, the password box is usually hidden.

Not only does it frequently fail to connect. It also drops existing connections. WiFi in 12.1 appears to be very flakey.

That does not conform with my experience. Connections are quick and stable for most drivers. What device do you have?

Larry

I have a Realtek WiFi in a ThinkPad E520. The fail to connect problem has that bug report that was put in by someone else, so I'm not the only one experiencing it. I just turned on the computer and the WLAN interface is now "Waiting for authorization". -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On 11/20/2011 04:40 PM, James Knott wrote:

I have a Realtek WiFi in a ThinkPad E520. The fail to connect problem has that bug report that was put in by someone else, so I'm not the only one experiencing it. I just turned on the computer and the WLAN interface is now "Waiting for authorization".

There are 6 different Realtek wireless devices with kernel drivers. Could you be a bit more specific? Larry -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday, 2011-11-19 at 22:41 -0500, James Knott wrote: ...

I got my distro from openSUSE and not KDE, so it's openSUSE I deal with.

+1 - -- Cheers, Carlos E. R. (from 11.4 x86_64 "Celadon" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) iEYEARECAAYFAk7JlbMACgkQtTMYHG2NR9VjBQCdEDD6MyqQy6lnYq29V8Hm4T27 m8cAn28MhZhj4FC9E/c2KgOvynYQEOFi =KoHC -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Le dimanche 20 novembre 2011, à 01:33 +0100, Sven Burmeister a écrit :

Am Samstag, 19. November 2011, 16:31:57 schrieb James Knott:

...

Sven Burmeister wrote:

...

Read the bug reports I posted, the issue is known. Root is only needed for creating the connection because it is saved outside user-space. Connecting however works without root password.

As owner of my computers, it's not a problem to enter the root password. However, it is a serious problem in corporate environments, where a user, who likely won't have the root password, will not be able to use WiFi at home or elsewhere. It's an extremely *STOOPID* design.

I think it does make sense to be able to restrict users to not be able to add more network configs. Whether it should be default is debatable. But allowing everybody to add connections and thus working around the connections set-up by the admin can also be a security risk for corporate IT.

I'm not sure but there should be a policy-kit setting somewhere to allow everybody to create connections.

I think it's something like putting org.freedesktop.NetworkManager.settings.modify.own auth_admin:auth_admin:yes org.freedesktop.NetworkManager.settings.modify.system auth_admin:auth_admin:yes in /etc/polkit-default-privs.local and then run /sbin/set_polkit_default_privs. Vincent -- Les gens heureux ne sont pas pressés. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On 21/11/11 20:16, Basil Chupin wrote:

On 21/11/11 18:28, Vincent Untz wrote:

...

Le dimanche 20 novembre 2011, à 01:33 +0100, Sven Burmeister a écrit :

...

...

...

Read the bug reports I posted, the issue is known. Root is only needed for creating the connection because it is saved outside user-space. Connecting however works without root password. As owner of my computers, it's not a problem to enter the root

Sven Burmeister wrote: password. However, it is a serious problem in corporate environments, where a user, who likely won't have the root password, will not be able to use WiFi at home or elsewhere. It's an extremely *STOOPID* design. I think it does make sense to be able to restrict users to not be able to add more network configs. Whether it should be default is debatable. But allowing everybody to add connections and thus working around the connections set-up by

Am Samstag, 19. November 2011, 16:31:57 schrieb James Knott: the admin can also be a security risk for corporate IT.

I'm not sure but there should be a policy-kit setting somewhere to allow everybody to create connections. I think it's something like putting

org.freedesktop.NetworkManager.settings.modify.own auth_admin:auth_admin:yes org.freedesktop.NetworkManager.settings.modify.system auth_admin:auth_admin:yes

in /etc/polkit-default-privs.local and then run /sbin/set_polkit_default_privs.

Vincent

Gentlemen,

While you are debating as to what to do where and to whom to stop this Authorisation Required message thingie, I am being bombarded every few minutes with this message.

Suddenly, today, I started to get this message for no reason at all.

What needs to be done to get rid of this pest, please?

I am running the now-officially-released 32-bit oS 12.1 - with KDE4.7.3 and kernel 3.1.1 - which means that I should be posting this message in Help and not Factory; but I accidentally stumbled on your exchanges which is why I am writing this here.

So, will what Vintent states (above) rid me of this pesky pop-up message from (?)NetworkManager?

Thanks.

BC

Oh, sorry, I forgot to mention that I am running the Desktop kernel and not the Default which comes with 12.1. BC -- Diapers and politicians should be changed often; both for the same reason. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On 21/11/11 22:14, Will Stephenson wrote:

On Monday 21 November 2011 20:18:53 Basil Chupin wrote:

...

On 21/11/11 20:16, Basil Chupin wrote:

...

On 21/11/11 18:28, Vincent Untz wrote:

...

Le dimanche 20 novembre 2011, à 01:33 +0100, Sven Burmeister a écrit :

...

...

Sven Burmeister wrote: > Read the bug reports I posted, the issue is known. Root is only > needed > for creating the connection because it is saved outside > user-space. > Connecting however works without root password. As owner of my computers, it's not a problem to enter the root password. However, it is a serious problem in corporate environments, where a user, who likely won't have the root password, will not be able to use WiFi at home or elsewhere. It's an extremely *STOOPID* design. I think it does make sense to be able to restrict users to not be able to add more network configs. Whether it should be default is debatable. But allowing everybody to add connections and thus working around the connections set-up by

Am Samstag, 19. November 2011, 16:31:57 schrieb James Knott: the admin can also be a security risk for corporate IT.

I'm not sure but there should be a policy-kit setting somewhere to allow everybody to create connections. I think it's something like putting

org.freedesktop.NetworkManager.settings.modify.own auth_admin:auth_admin:yes org.freedesktop.NetworkManager.settings.modify.system auth_admin:auth_admin:yes

in /etc/polkit-default-privs.local and then run /sbin/set_polkit_default_privs.

Vincent Gentlemen,

While you are debating as to what to do where and to whom to stop this Authorisation Required message thingie, I am being bombarded every few minutes with this message.

Suddenly, today, I started to get this message for no reason at all.

What needs to be done to get rid of this pest, please?

I am running the now-officially-released 32-bit oS 12.1 - with KDE4.7.3 and kernel 3.1.1 - which means that I should be posting this message in Help and not Factory; but I accidentally stumbled on your exchanges which is why I am writing this here.

So, will what Vintent states (above) rid me of this pesky pop-up message from (?)NetworkManager?

Thanks.

BC Oh, sorry, I forgot to mention that I am running the Desktop kernel and not the Default which comes with 12.1. I posted the link to the workarounds elsewhere in this thread already

WIll

Thanks Will. I take it that comment #6, rather than #9 which you seem to suggest would be more applicable to laptops, in https://bugzilla.novell.com/show_bug.cgi?id=716291, is the one to apply? BC -- Diapers and politicians should be changed often; both for the same reason. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On 21/11/11 23:27, Will Stephenson wrote:

On Monday 21 November 2011 23:06:46 Basil Chupin wrote:

...

I take it that comment #6, rather than #9 which you seem to suggest would be more applicable to laptops, in https://bugzilla.novell.com/show_bug.cgi?id=716291, is the one to apply? Either version is fine for what you want to do.

Will

Thank you, Will. BC -- Diapers and politicians should be changed often; both for the same reason. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Am 20.11.2011 16:45, schrieb Will Stephenson:

On Saturday 19 Nov 2011 12:24:17 Kim D. Leyendecker wrote:

...

Howdy all,

*Before* reading my mail, please note: openSUSE 11.4 ran perfect on my machine, after the upgrade to 12.1, networkmanager doesn't run at all.I can't connect to my router anymore (which worked yesterday, even with 12.1). The result is a completely angry user, who just wants his sane and working 11.4-like system back. Please excuse my offending mail, but I'm boiling totally.

My problem:

After the upgrade, NetworkManager doesn't ran anymore. I did some searching and fixed the problem. Now, today, I started my machine but NM can't connect anymore. It just says something like:

Wait for authorization

On 11.4 it used to be KWallet which asked my a password for NM. With 12.1 it's a KDE-su like one.

Does anyone else has the problem? I'm writing from my notebook because my workstation isn't connected anymore.

Please, can you help me? Gah, I wish I'd joined this thread earlier before the flames started. This issue is due to SUSE-specific excessively (IMO) strict default PolicyKit-1 configuration for NetworkManager, not KDE or GNOME:

https://bugzilla.novell.com/show_bug.cgi?id=716291

Comment #9 gives a workaround that restores the 11.4 behaviour, that I think should be the default.

In https://bugzilla.novell.com/show_bug.cgi?id=716291#c9 you wrote the following: I suggest (for laptops at least) org.freedesktop.NetworkManager.network-control auth_admin:auth_admin:yes org.freedesktop.NetworkManager.settings.modify.own auth_admin:auth_admin:yes org.freedesktop.NetworkManager.wifi.share.protected auth_admin:auth_admin:yes org.freedesktop.NetworkManager.wifi.share.open auth_admin:auth_admin:yes org.freedesktop.ModemManager.Device.Control auth_admin:auth_admin:yes The last one allows the user to unlock the modem with a PIN I think Juergen's suggestion goes too far, since that allows all logged in users to modify all users' connections. Where exactly can I find the config-file to make the change?

Then everyone else on the thread, please consider how much funner* your Sunday email would have been had you checked bugzilla a bit harder before launching the 'Report bugs upstream'/'Ask for a refund!'/"In the real world, you'd be fired for this"/'KDE sucks!'/'You suck!' Mutally Assured Community Destruction missiles.

Will

* for my nonviolent definition of fun.

I guess since humans are argue-addicted you´ll never will stop that behavior. Just have a look at me: I´m sometimes (only sometimes?) acting like a complete jackass. Even without knowing about /that/ I´m acting alike ;-) thanks for your help, --kdl -- -o) Kim Leyendecker, openSUSE Community Member /\\ GPG Key: 664265369547B825 | leyendecker@opensuse.org _\_v http://www.opensuse.org - Linux for open minds -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On Monday 21 Nov 2011 18:22:09 Kim Leyendecker wrote:

Where exactly can I find the config-file to make the change?

https://bugzilla.novell.com/show_bug.cgi?id=716291#c6 -- Will Stephenson, openSUSE Team SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 21284 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Am 21.11.2011 19:18, schrieb Will Stephenson:

On Monday 21 Nov 2011 18:22:09 Kim Leyendecker wrote:

...

...

Where exactly can I find the config-file to make the change? https://bugzilla.novell.com/show_bug.cgi?id=716291#c6

thanks, at least it doesn´t need root privileges anymore! Let´s see if it will connect to my router the next to times I start my machine. thanks for your help, -- -o) Kim Leyendecker, openSUSE Community Member /\\ GPG Key: 664265369547B825 | leyendecker@opensuse.org _\_v http://www.opensuse.org - Linux for open minds -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On 21/11/11 23:27, Will Stephenson wrote:

On Monday 21 November 2011 23:06:46 Basil Chupin wrote:

...

I take it that comment #6, rather than #9 which you seem to suggest would be more applicable to laptops, in https://bugzilla.novell.com/show_bug.cgi?id=716291, is the one to apply? Either version is fine for what you want to do.

Will

Hi Will, Further to the above, I have applied your suggested patch (the first one) and this policykit crap still keeps coming back every few minutes! It is driving me nuts! I just checked the progress of this bug and the last comment (#25): Ludwig Nussel 2011-12-06 08:16:26 UTC actually already released states, as you can see, that the fix had been released at the beginning of this month. But where is it? (There goes this policykit crap again! "Who will rid me of this pesky policykit thing?") Can yo throw some light on this thing, please? BC -- It is easy to convince people of something, but hard to keep them convinced. Niccolo Machiavelli -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On 18/12/11 20:42, Bernhard M. Wiedemann wrote:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

...

On 21/11/11 23:27, Will Stephenson wrote:

...

On Monday 21 November 2011 23:06:46 Basil Chupin wrote:

...

I take it that comment #6, rather than #9 which you seem to suggest would be more applicable to laptops, in https://bugzilla.novell.com/show_bug.cgi?id=716291, is the one to apply? Either version is fine for what you want to do.

Will Hi Will,

Further to the above, I have applied your suggested patch (the first one) and this policykit crap still keeps coming back every few minutes! It is driving me nuts!

I just checked the progress of this bug and the last comment (#25):

Ludwig Nussel 2011-12-06 08:16:26 UTC

actually already released

states, as you can see, that the fix had been released at the beginning of this month. But where is it?

Am 18.12.2011 06:41, schrieb Basil Chupin: this is in the normal update repo: http://download.opensuse.org/update/12.1/noarch/polkit-default-privs-12.1-10...

and I have got it installed by "zypper up" over two weeks ago

When you run grep PERMISSION_SECURITY /etc/sysconfig/security does it say "easy local" ? if there would be "secure", it would explain such problems.

Ciao Bernhard M. Thanks, Bernhard, for your response. Sorry for taking some time to respond.

Well, I do the zypper-dance every morning without missing a beat and while I do have the above rpm installed it was installed on 29 November; but the authorisation nonsense is still coming up. The output from the grep command you mentioned above is: linux-xxxx:~ # grep PERMISSION_SECURITY /etc/sysconfig/security # PERMISSION_SECURITY. If PERMISSION_SECURITY contains 'secure' or PERMISSION_SECURITY="easy local" Is this what was to be expected? BC -- It is easy to convince people of something, but hard to keep them convinced. Niccolo Machiavelli -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org