Bug 955501

Summary: No prompt for Policy Kit authorization
Product: [Fedora] Fedora Reporter: Branislav Náter <bnater>
Component: realmdAssignee: Stef Walter <stefw>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 19CC: jhrozek, pkis, stefw, yaneti, yelley
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-04-29 16:49:36 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Branislav Náter 2013-04-23 07:43:16 UTC 
Description of problem:
Test case: https://fedoraproject.org/wiki/QA:Testcase_FreeIPA_realmd_join

While joining domain, I should be be prompted for Policy Kit authorization. No such prompt appears.

Version-Release number of selected component (if applicable):
realmd-0.13.3-2.fc19.x86_64

Steps to Reproduce:
Follow TC steps
Comment 1 Stef Walter 2013-04-23 13:46:22 UTC 
Are you running the commands as root? Where are you running the commands from?
Comment 2 Branislav Náter 2013-04-23 14:50:01 UTC 
I'm running command as root user from client machine (client.skynet.com)
(I'm not able to run it as regular user: "realm: Couldn't join realm: Not authorized to perform this action")

Policy Kit authorization prompt should appear also during leaving realm. It doesn't appears either.

[root@client /]# realm -v leave
 * LANG=C /usr/sbin/ipa-client-install --uninstall --unattended
Unenrolling client from IPA server
Removing Kerberos service principals from /etc/krb5.keytab
Disabling client Kerberos and LDAP configurations
Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted
Restoring client configuration files
nscd daemon is not installed, skip configuration
nslcd daemon is not installed, skip configuration
Client uninstall complete.
 * Removing entries from keytab for realm
 * /usr/sbin/sss_cache --users --groups --netgroups --services --autofs-maps
No objects of type netgroup from domain skynet.com in the cache, skipping
No objects of type service from domain skynet.com in the cache, skipping
No objects of type autofs map from domain skynet.com in the cache, skipping
 * Removing domain configuration from sssd.conf
 * Successfully unenrolled machine from realm
[root@client /]#
Comment 3 Stef Walter 2013-04-24 11:32:55 UTC 
Root is allowed to perform these operations without further authorization. As to why users on the console do not (yet) get polkit authorization prompts, see:

https://bugs.freedesktop.org/show_bug.cgi?id=56319
Comment 4 Stef Walter 2013-04-29 16:49:36 UTC 

*** This bug has been marked as a duplicate of bug 867807 ***