The Authorization Agent is the application that is called whenever an user wants to obtain a given authorization. It's a &DBus; activated daemon which uses libpolkit-grant that in turn uses PAM for authentication services (however, other authentication back-ends can be plugged in as required). The appearance of the authentication dialog depends on the result from PolicyKit and also whether administrator authentication is defined as authenticate as the root user or authenticate as one of the users from UNIX group wheel or however the PolicyKit library is configured (see the PolicyKit.conf(5) manual page for details). Note that some of the screenshots below were made on a system set up to use the ThinkFinger PAM module. The text shown in the authentication dialogs stems from the PolicyKit .policy XML files residing in /usr/share/PolicyKit/policy and is read by the authentication daemon when an applications asks to obtain an authorization. Thus, what the user sees is not under application control (e.g. it's not passed from the application) which rules out a class of attacks where applications are trying to fool the user into gaining a privilege. The authentication dialog where the user is asked to authenticate as root using the password or swiping the finger. The details shows the application that's requesting the action, the action itself and the action vendor. If clicking in the action link it will open the authorization manager pointing to the given action, and the vendor might also provide a link for the given action that will be fired when clicking on the Vendor link: The authentication dialog asking for root, swipe finger and showing descriptions Authentication dialog where the user is asked to authenticate as an administrative user and PolicyKit is configured to use the root password for this: The authentication dialog asking for root Authentication dialog where the user is asked to authenticate as an administrative user and PolicyKit is configured to use a group for this: The authentication dialog asking for a user of the administrative group Same authentication dialog, showing drop down box where the user can be selected: Same authentication dialog, showing drop down box where the user can be selected Authentication dialog showing an Action where the privilege can be retained indefinitely: Authentication dialog showing an Action where the privilege can be retained indefinitely Authentication dialog showing an Action where the privilege can be retained only for the remainder of the desktop session: Authentication dialog showing an Action where the privilege can be retained only for the remainder of the desktop session