Authorization prompt dismissed error [Linux]

Hey @dkoch84,

Thanks for sharing your experience. I will make a note for our team to look into the existing instructions for how to set up the prerequisites on Linux if you do not yet have PolKit. I think we can make some improvements there.

With regards to your experience with having to enter your password for every terminal session: I do get your frustration. Because of the high level of privilege granted to the CLI, we limit the scope of authorization to a single terminal session, just like sudo does.

I really appreciate the Arch mentality to just go fix this yourself! The provided snippet does indeed short-circuit the prompt. However, I also want to place a warning: this can also be used to unlock the 1Password app without any password. If you run a CLI command while the 1Password app is locked, the app will also get unlocked. I've added a note to your post to highlight this, I hope you're okay with that :)

This does lead to a similar option that could be worth looking into: PolKit uses PAM (Pluggable Authentication Modules) to actually handle authentication. If you don't have any biometrics configured, the default user password module will be used by default. It is possible to override this to a variety of other plugins that you might find easier to use, but can still provide a decent level of protection:
- pam_u2f which allows you to confirm the prompt by tapping the button of a Yubikey or another U2F token (https://support.yubico.com/hc/en-us/articles/360016649099-Ubuntu-Linux-Login-Guide-U2F).
- pam_duo which allows you to confirm the prompt by confirming on your mobile phone (https://duo.com/docs/duounix; I have not yet tried this myself)

After setting up a PAM module, you'd have to add it to the top of /etc/pam.d/polkit-1 as auth sufficient pam_u2f.so cue or auth sufficient pam_duo.so.

Let me know if that is of any help.

Joris