[4.5.0.16] SSH wants further legitimation for pkcon

Since 4.5.0.16, I can no longer use a “pkcon command” via ssh without further legitimization.
Here is an example with pkcon refresh:

[nemo@XA2Plus ~]$ pkcon refresh
Cache is updated             [                      ] (0%)  
==== AUTHENTICATING FOR org.freedesktop.packagekit.system-sources-refresh ===
Credential is required to update system repositories
Multiple identities can be used for authentication:
 1.  sailfish-code
 2.  sailfish-fingerprint
Choose identity to authenticate as (1-2):                                       
Waiting for Legitimization                        [==                    ]         1                                              [                  ==  ]         
Password:                                      [            ==        ]         
                                               [             ==       ]         polkit-agent-helper-1: pam_authenticate failed: Authentication failure
==== AUTHENTICATION FAILED ===
                                                                                
Fertig                                                                         
Fatal error: Failed to obtain authentication.
[nemo@XA2Plus ~]$ 

My procedure:
Choice of legimitation: 1 [Enter].
Password entry: 5 digits to unlock the device [Enter].
Because no input mask appeared on the mobile phone, everything was entered on the PC.
I never had this legimitation prompt before 4.5.0.16.
Since I had never used an unlock code before, I make one and then reboot the mobile phone. With 4.5.0.18 is the same.

You have to enable the Developer-Mode in Prefs, set there an Password for that and type:

devel-su pkcon refresh

I have had the developer account with password set for many SFOS releases - and it always worked a pkcon refresh, without a devel-su (SSH access).
If you search for this error message, you find that Link.
These files also exist in the Sailfish system.

Maybe I’m wrong and I just happened to enter the pkcon commands directly via the phone’s terminal. But I would be surprised, because I actually do everything concerning CLI via SSH.
If a user here could confirm that pkcon has never worked as a remote without root rights - then I give up. :slight_smile:

There is definitely a difference, and it seems it depends on where the initial shell session was launched.

If it’s the phone terminal, then new sessions of screen (or presumably tmux) will have pkcon working with GUI.
If not it falls back to that password/fingerprint prompt.

I guess it’s related to which “seat” the shell session belongs to with only seat0 getting GUI prompts.

Nevertheless, the error handling is wrong because you can’t get any further by entering the unlock code.
If you follow the link (posted above), the error should disappear when you insert the user → nemo/defaultuser in this file.
Has this always been like this?
The incorrect prompt (“please enter the unlock code”) seems strange to me.