policykit password unknown or broken

I am at the moment unable to use wireless internet nor my UMTS Modem on my laptop. Why? I installed 12.1, that’s why? Why trying to make secure what is already secure? Why annoying users with yet another password prompt when it simply comes to making an Internet connection?

At the moment I tried every password known in this system but none allow me to change anything in networkmanager. What is the policykit password? How to change it? Can it be blank please or no prompt at all?
I think my SIM card pin is secure enough to protect the UMTS

Is this only in KDE or do they annoy me also in Gnome? Or should I reinstall Windows again after 10 years or buy a Mac OS for big $ ?

Normally, kwallet takes care of internet passphrase authentication. Is it possible you set it up with your root password, or maybe a wireless password unintentionally?

Make sure that you are up to date with all system updates. Run online updates in Yast.

What you are seeing is mostly a NetworkManager problem. However, since 12.1 came out, there was a major update to NetworkManager that greatly improved things. There are still problems, in my opinion. But, with the updates, privately setting up network connections works without the root password. In KDE, you will be asked for the kde-wallet password. If you setup kde-wallet to stay open, then that should only happen once per login session.

If you have defined shared network connections (system connections), then any change to a defined connection will require the root password.

Yes, I am up-to-date, and yes that might have happened that unintentionally I set a kwallet password where there wasn’t one before.

Somebody gave me a better solution that gets rid of all password asking all together. I share it here for people with similar problems and annoyances:

  1. Edit /etc/polkit-default-privs.local and add the following lines:

org.freedesktop.network-manager-settings.system.modify yes
org.freedesktop.network-manager-settings.system.hostname.modify yes
org.freedesktop.network-manager-settings.system.wifi.share.protected yes
org.freedesktop.network-manager-settings.system.wifi.share.open yes
org.freedesktop.NetworkManager.enable-disable-network yes
org.freedesktop.NetworkManager.enable-disable-wifi yes
org.freedesktop.NetworkManager.enable-disable-wwan yes
org.freedesktop.NetworkManager.use-user-connections yes
org.freedesktop.NetworkManager.network-control yes
org.freedesktop.NetworkManager.sleep-wake yes

bnc#680140

org.freedesktop.NetworkManager.enable-disable-wimax yes
org.freedesktop.NetworkManager.wifi.share.protected yes
org.freedesktop.NetworkManager.wifi.share.open yes
org.freedesktop.NetworkManager.settings.modify.own yes
org.freedesktop.NetworkManager.settings.modify.system yes
org.freedesktop.NetworkManager.settings.modify.hostname yes

org.freedesktop.packagekit.system-network-proxy-configure yes
org.freedesktop.ModemManager.Device.Control yes

Whenever you still get a password prompt, let it fail on you with a wrong password and the last dialog window the org.freedesktop parameter that is still missing. Simply copy and past it to the end of the file with a yes. In fact the last line I added was done in this way, because I could not enter my SIM prompt without a password prompt.

  1. run from the console command line:

/sbin/set_polkit_default_privs as root to compile the changes

This effectively eliminated all policy kit prompts.

There is a guide on that here:

Chapter

However, for security reasons I don’t like the idea of doing away with authentication completely.

Still having problems. Now apparently the package update also uses policykit and again my root password is not recognised. What is wront here? Is there a way to get policykit recognise the root password, reset or sync it somehow?

/etc/PolicyKit/PolicyKit.conf is empty, I mean it only has:

<?xml version=“1.0” encoding=“UTF-8”?> <!-- -- XML -- –>

<!DOCTYPE pkconfig PUBLIC “-//freedesktop//DTD PolicyKit Configuration 1.0//EN”
http://hal.freedesktop.org/releases/PolicyKit/1.0/config.dtd”>

<!-- See the manual page PolicyKit.conf(5) for file format –>

<config version=“0.1”>
</config>

Is that normal?

On 2012-02-04 23:06, erniecom wrote:
> Is that normal?

Yes.


Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)

The policykit password is still bothering me with the apper upgrade. It asks authentication, I give the root password, just like on my desktop, but on my laptop it fails to authenticate. How to reset / resync Policykit password or how to make it authenticate with the root password (again)?

I don’t use apper, so I can’t advise directly. Can you update via zypper instead?

In a terminal (as root)

zypper up

This thread may apply to you too.

All good advices. I myself added apper to sudo, so now I can start it manually every now and then. The Yast Online update does not give me the same updates, only security stuff I guess.

It is bothering me the fact that policykit does not authenticate with the root password. There will not be many other cases (beside networkmanager) that it will kick in, but still the same I feel it was severe enough to report it as a bug.

On 02/12/2012 06:56 PM, erniecom wrote:
> I myself added apper to sudo, so now I can start it
> manually every now and then. The Yast Online update does not give me the
> same updates, only security stuff I guess.

Apper is broken…highly suggest you should disable or uninstall it…

instead use YaST Online Update for security patches and major bug
fixes…or, you can also get those by using “zypper patch” in a root
powered terminal…

and i you really want all the package upgrades given by Apper then use
“zypper up” in a terminal…

personally, i find “zypper up” has a tendency to too often bring in
conflicting software–but, if you want it do it with zypper and not Apper!


DD http://tinyurl.com/DD-Caveat
Read what Distro Watch writes: http://tinyurl.com/SUSEonDW

DenverD wrote:

> personally, i find “zypper up” has a tendency to too often bring in
> conflicting software–but, if you want it do it with zypper and not Apper!
>

I’m not saying that it would be impossible, but
I think I haven’t seen that, ever.

And I’ve been using zypper since it was introduced.

Vahis

http://waxborg.servepics.com
openSUSE 11.4 (x86_64) 2.6.37.6-0.11-default main host
openSUSE 12.1 (x86_64) 3.2.4-6-desktop Tumbleweed in VirtualBox
openSUSE 12.1 (i586) 3.1.9-1.4-desktop in EeePC 900

On 02/12/2012 07:46 PM, Vahis wrote:
> I’m not saying that it would be impossible, but
> I think I haven’t seen that, ever.

of course it depends on which repos you have enabled, refreshed and at
what priority they are…

on the other hand, by using “zypper patch” you only fetch from the
update repo, and if you use YaST Software Management instead of “zypper
up” it is not so easy to dump in a load of ‘bad wrong’ from conflicting
places…

certainly it depends on willingness to put in one bullet (or bad repo)
spin the cylinder, pull the trigger (or “zypper up”) and hope for good luck!

therefore, ymmv.


DD
Read what Distro Watch writes: http://tinyurl.com/SUSEonDW

Are your sure that

  1. this was a problem of PolicyKit in the first place (and not only of the KDE Keyring/“wallet” - I thought this would normally be used for the KDE/graphic programs with networkmanager)?
  2. you have modified the files for the according version of PolicyKit (the ones that controlled something for your 3G modem) - the ones for the old version are really called policykit/the ones for the new version normally polkit-1 or polkit, compare:

openSUSE Security Guide: Chapter 9. PolicyKit

PolicyKit Library Reference Manual (Version 0.8 Copyright © 2007 - see URL with …/PolicyKit)
PolicyKit Reference Manual (Version 0.104 Copyright © 2008-2009 - see URl with …/polkit)

puzzled pistazienfresser
(Martin Seidler)

DenverD wrote:
> On 02/12/2012 07:46 PM, Vahis wrote:
>> I’m not saying that it would be impossible, but
>> I think I haven’t seen that, ever.
>
> of course it depends on which repos you have enabled, refreshed and at
> what priority they are…
>
> on the other hand, by using “zypper patch” you only fetch from the
> update repo, and if you use YaST Software Management instead of “zypper
> up” it is not so easy to dump in a load of ‘bad wrong’ from conflicting
> places…
>
> certainly it depends on willingness to put in one bullet (or bad repo)
> spin the cylinder, pull the trigger (or “zypper up”) and hope for good
> luck!
>
> therefore, ymmv.

My mileage is very different.
My experience is that zypper is very good with dependencies ans so on, I
don’t remember it having ever dumped any “bad wrong”, whatever that is.

Zypper up updates only stuff that’s been previously installed, if available.

What I think you might be referring to is ‘zypper dup’ but I’ve been
doing that a lot, too.

There you need to pay more attention but you’ll get warned if something
is about to conflict and you don’t have to go on with your “shot in the
barrel”.

Vahis

http://waxborg.servepics.com
openSUSE 11.4 (x86_64) 2.6.37.6-0.11-default main host
openSUSE 12.1 (x86_64) 3.2.4-6-desktop Tumbleweed in VirtualBox
openSUSE 12.1 (i586) 3.1.9-1.4-desktop in EeePC 900

On 02/12/2012 08:11 PM, Vahis wrote:
> Zypper up updates only stuff that’s been previously installed, if
> available.

like kernels in factory, for example…


DD
Read what Distro Watch writes: http://tinyurl.com/SUSEonDW

DenverD wrote:
> On 02/12/2012 08:11 PM, Vahis wrote:
>> Zypper up updates only stuff that’s been previously installed, if
>> available.
>
> like kernels in factory, for example…
>

If you run factory and there’s a new kernel available, yes.
Shouldn’t it?

If you don’t want kernel, use option ‘–skip-interactive’

Vahis

http://waxborg.servepics.com
openSUSE 11.4 (x86_64) 2.6.37.6-0.11-default main host
openSUSE 12.1 (x86_64) 3.2.4-6-desktop Tumbleweed in VirtualBox
openSUSE 12.1 (i586) 3.1.9-1.4-desktop in EeePC 900

On 02/12/2012 08:39 PM, Vahis wrote:
> If you run factory and there’s a new kernel available, yes.
> Shouldn’t it?
>
> If you don’t want kernel, use option ‘–skip-interactive’

yes, i recognize that there are many ways to reduce the likelyhood of
murdering a system with “zypper up”, and you may know them all…but,
does the OP in this thread, or will everyone else who googles in on the
thread know all that you do?

i post the cautions for those who do not know the dangers…

if you know all the pitfalls and how to avoid them, why not write a wiki
page or two on how to safely maintain a stable dependable system with
“zypper up”…

because around two or three times a week (or more) for of the last years
a new user has posted in one of these fora with an insurmountable (to
him/her) problem…

many coming from ubuntu take a glance at zypper and think it is like apt
and they have “zipper up” to oblivion…and in many many cases the first
order of business is looking over their repo list and culling out the
clashing repos they have laid in for themselves with 1-Clicks…

so, i’ll try to remember your ID and PM you in to help them a few
thousand times and then . . . and be very happy to point them to your
SDB pages on how to stay on the leading edge with “zypper up” with no
danger of shooting yourself in the foot.


DD http://tinyurl.com/DD-Caveat
Read what Distro Watch writes: http://tinyurl.com/SUSEonDW