On Wed, 3 Jul 2019 10:55:18 +0200
Kees Bakker via FreeIPA-users <freeipa-users(a)lists.fedorahosted.org>
wrote:
Hey,
Does anyone have a suggestion how to combine FreeIPA and polkit (policykit)
on Ubuntu? Notice that, for some reason, Ubuntu (and Debian) is stuck at polkit 0.105.
I'm looking for ways to use HBAC rules in combination with service polkit-1. So that
we're able to say: this user can do polkit things on this host.
I'm not sure this is what you want, but I've had success with adding a
HBAC service "polkit-1" and adding it to HBAC rules. This was on Ubuntu
18.04 to log into Gnome via gdm. The other services required were
gdm-password and systemd-user (I added login and gdm too, but not
required). You can create a service group with all these.
If you wanted more fine-grained polkit control, then I have no idea.