Can't run canonical-certification-server without password on a maas provisioned node [offline]

I thought the same happend to the legacy checkbox as well, but it kept going even thought it complained about the authentication.

/ polkit-agent-helper-1: pam_authenticate failed: Authentication failure
==== AUTHENTICATION FAILED ===
Error executing command as another user: Not authorized

This incident has been reported.
/ ==== AUTHENTICATING FOR org.freedesktop.policykit.pkexec.run-checkbox-backend ===
SYSTEM TESTING: Please enter your password. Some tests require root access to run properly. Your password will never be stored and will never be submitted with test results.
Authenticating as: Ubuntu (ubuntu)
Password|
Gathering information from your system...
polkit-agent-helper-1: pam_authenticate failed: Authentication failure

Choose tests to run on your system:

* b: Benchmarks tests
* c: CPU tests
* r: Create resource info for supported optical actions
* d: Disk tests
* e: Ethernet Device tests
* f: Floppy disk tests
* i: Informational tests
* m: Memory tests
* s: Miscellaneous tests
* o: Optical Drive tests
* p: Power Management tests
* t: Stress tests
* u: USB tests
* v: Virtualization tests
  +: Combine with character above to expand node
   : Space when finished

Please choose (b/c/r/d/e/f/i/m/s/o/p/t/u/v/+/ ):

This looks like a duplicate of : https://bugs.launchpad.net/plainbox/+bug/1299201. To sum up, plainbox tries to use policykit to run privileged jobs, but polkit is unhappy over ssh with our secure policy.

The odd behaviors you see can be explained as follows:

- checkbox (old) tries to launch a privileged backend at the beginning. If authentication fails, the non-privileged frontend will continue but will be unable to run root jobs.

- I think if you install over APT you probably get the insecure policy (see linked bug to learn why this works). Whereas perhaps the tarball includes the secure policy. I'll check the policy packages and see what you get and whether switching policies is likely to help.