Comment 19 for bug 59946

I did not look into details yet either, but in general PolicyKit is a new system daemon that controls access to resources. You can configure policies like 'user/group foo can access dbus interface bar' and optionally add the requirement that this user has to authenticate via password. In a way it is a fine-grained version of standard unix permission checking.

As I already said I am not terribly happy with not asking for the password at all, since it opens the door for Trojans much more than our previous system did. But the only solution for that right now would be to restrict backend access to root and run all frontends with gksudo again.