https://bugzilla.novell.com/show_bug.cgi?id=850807
https://bugzilla.novell.com/show_bug.cgi?id=850807#c13
--- Comment #13 from Sebastian Krahmer 2014-07-14 12:47:22 UTC ---
We can discuss whether enrolling is something that should be
possible by users or admin-only (do not forget to include
the fix http://bugzillafiles.novell.org/attachment.cgi?id=542285
in either case.)
However I wonder that verify needs to be whitelisted for users,
because fprintd is contacted via pam_fprint, which means the code
that tries to verify the user already runs privileged via the PAM
stack. So auth_admin:auth_admin:auth_admin should work at least.
What might happen is that you try to authorize via sudo-like
program and the PAM stack is running with euid=0 and uid=user
so that the polkit stack is confused and returns 'user' when looking
up the originator of the dbus-connection thats initiated by pam_fprint.
In fact it should alredy return 'admin' as its triggered from the PAM
stack during an already privileged operation.
I'd try to check with my setup and if we can make a small fix for
pam_fprint. If that doesnt work we have to relax the polkit rules :/
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.