]> PolicyKit provides an authorization API intended to be used by privileged programs (MECHANISMS) offering service to unprivileged programs (CLIENTS). See the polkit manual page for the system architecture and big picture. PolicyKit applications are privileged mechanisms using the PolicyKit authority as a decider component. To do this, a mechanism use either the GObject API, the D-Bus API or the pkcheck command to communicate with the PolicyKit Authority. Note that clients normally doesn't use the PolicyKit API directly – it is intended for privileged mechanisms. If a client needs to disable, modify or remove UI elements to e.g. convey to the user that a certain action cannot be carried out (because e.g. the user is not authorized) or authentication is needed (by e.g. displaying a padlock icon in the UI), it is usually better to have the mechanism provide an API for this. If a PolicyKit application wants to handle the case where no authentication agent exists (for example if the app is launched via a ssh1 login), it is trivial for the application to use the PolkitAgentTextListener class to spawn its own authentication agent as needed. See the pkcheck or pkexec program sources for an example of how to do this. As an example of code using the GObject API, see . For an example using the D-Bus API, see . FIXME: MISSING XINCLUDE CONTENT FIXME: MISSING XINCLUDE CONTENT Authentication agents are provided by desktop environments. When an user session starts, the agent registers with the PolicyKit Authority using the RegisterAuthenticationAgent() method. When services are needed, the authority will invoke methods on the org.freedesktop.PolicyKit1.AuthenticationAgent D-Bus interface. Once the user is authenticated, (a privileged part of) the agent invokes the AuthenticationAgentResponse() method. Note that the PolicyKit Authority itself does not care how the agent authenticates the user. The libpolkit-agent-1 library provides helpers to make it easy to build authentication agents that use the native authentication system e.g. pam(8). If the environment variable POLKIT_DEBUG is set, the libpolkit-agent-1 library prints out diagnostic information on standard output. PolicyKit exports a number of extension points to replace/customize behavior of the PolicyKit daemon. Note that all extensions run with super user privileges in the same process as the PolicyKit daemon. The PolicyKit daemons loads extensions from the &extensiondir; directory. See the GIO Extension Point documentation for more information about the extension system used by PolicyKit. The following extension points are currently defined by PolicyKit: Allows replacing the Authority – the entity responsible for making authorization decisions. Implementations of this extension point must be derived from the PolkitBackendAuthority class. See the src/nullbackend/ directory in the PolicyKit sources for an example.