Authentication is required to create a color profile

I am running a fresh install of CentOS 7 GNOME
so I could RDP from Windows.  I followed the “Connect to GNOME desktop environment via XRDP” instructions,
but when I connect I get an additional login that says

authentication is required to create a color profile

How do I remove this additional login?

In an attempt to solve this problem I tried
a solution at “Griffon’s IT Library”, but it did not work
because link is a lot more then just a solution to this problem. 
I pasted the solution below.

When you login into your system via remote session, you will see this
message popping up.  You can simply cancel and you will be able to
proceed till the next time you login and start a new session.

To avoid this prompt, we will need to change the polkit configuration. 
Using admin privileges, create a file called 02-allow-colord.conf
under the following directory /etc/polkit-1/localauthority.conf.d/

The file should contains [sic] the following instructions
and you should not be prompted anymore
with such authentication request while remoting into your system

polkit.addRule(function(action, subject) {
   if ((action.id == “org.freedesktop.color-manager.create-device”  ||
        action.id == “org.freedesktop.color-manager.create-profile” ||
        action.id == “org.freedesktop.color-manager.delete-device”  ||
        action.id == “org.freedesktop.color-manager.delete-profile” ||
        action.id == “org.freedesktop.color-manager.modify-device”  ||
        action.id == “org.freedesktop.color-manager.modify-profile”)  &&
        subject.isInGroup(“{group}”)) {
           return polkit.Result.YES;
   }
});
Asked By: Starblight

||
Source

EDIT:

Please use the upvoted answer and not this one.

OLD ANSWER:

I found this bug and some workarounds here:

https://bugzilla.redhat.com/show_bug.cgi?id=1149893

More specific you have to place a .rules file in

/etc/polkit-1/rules.d/

(Select a filename and just givr the .rules extension)

and give the rules:

polkit.addRule(function(action, subject) {
   if ((action.id == "org.freedesktop.color-manager.create-device" ||
        action.id == "org.freedesktop.color-manager.create-profile" ||
        action.id == "org.freedesktop.color-manager.delete-device" ||
        action.id == "org.freedesktop.color-manager.delete-profile" ||
        action.id == "org.freedesktop.color-manager.modify-device" ||
        action.id == "org.freedesktop.color-manager.modify-profile") &&
       subject.isInGroup("ATTENTION")) {
      return polkit.Result.YES;
   }
});

Then you have to Replace the word "ATTENTION" with your user’s group.

Answered By: koleygr

I had the same problem and found a different work-around here:

https://github.com/TurboVNC/turbovnc/issues/47#issuecomment-412005377

This variant is claimed to work independent of authentication scheme (e.g. LDAP).

Create /etc/polkit-1/localauthority/50-local.d/color.pkla (note: .pkla extension is required) with the following contents:

[Allow colord for all users]
Identity=unix-user:*
Action=org.freedesktop.color-manager.create-device;org.freedesktop.color-manager.create-profile;org.freedesktop.color-manager.delete-device;org.freedesktop.color-manager.delete-profile;org.freedesktop.color-manager.modify-device;org.freedesktop.color-manager.modify-profile;org.freedesktop.packagekit.system-sources-refresh
ResultAny=yes
ResultInactive=yes
ResultActive=yes

Worked for me.

update
See next comment in linked github thread…
18.04 users may want to try the above answer but with the following changes:

[Allow colord for all users]
Identity=unix-user:*
Action=org.freedesktop.color-manager.create-device;org.freedesktop.color-manager.create-profile;org.freedesktop.color-manager.delete-device;org.freedesktop.color-manager.delete-profile;org.freedesktop.color-manager.modify-device;org.freedesktop.color-manager.modify-profile;org.freedesktop.packagekit.system-sources-refresh
ResultAny=no
ResultInactive=no
ResultActive=yes
Answered By: Nemo

None of the other two answers worked for me, so I used a more drastic proposal to simply disallow changing the colour profile:

Ok I edited /usr/share/polkit-1/actions/org.freedesktop.color.policy,
changed every instance of “auth_admin” to “no”

I used the following little bash snippet to do this:

cd /usr/share/polkit-1/actions/
cp -a  org.freedesktop.color.policy  org.freedesktop.color.policy.orig
sed -e 's|>auth_admin<|>no<|g'  org.freedesktop.color.policy.orig  >  org.freedesktop.color.policy
Answered By: FriendFX

I’m running Windows 10 Remote Desktop Connection to Ubuntu 18.04.4 LTS with xrdp. The following solution from this page worked for me (see section titled How to “fix” this issue):

  • delete the file org.freedesktop.color.policy file (located in /usr/share/polkit-1/actions). By deleting this file, you are basically removing the limitations of creating and managing color devices and profiles.

Note that the above is one of two ‘not recommended’ ways. However, for my little home lab setup, it worked fine with no undesirable side effects that I can see. There are two other recommended solutions that I did not try.

Answered By: Paul Ratazzi

For me, the solution worked after change ResultAny and ResultInactive to "no", like Cecilia comment’s in the same aswer. My connection drop if i try to authenticate, but remain after cancel.
I’m running Windows 7 RDP to Ubuntu 18.04 with Xrdp.

[Allow colord for all users]
Identity=unix-user:*
Action=org.freedesktop.color-manager.create-device;org.freedesktop.color-manager.create-profile;org.freedesktop.color-manager.delete-device;org.freedesktop.color-manager.delete-profile;org.freedesktop.color-manager.modify-device;org.freedesktop.color-manager.modify-profile
ResultAny=no
ResultInactive=no
ResultActive=yes
Answered By: Frank Arana

Another way to fix it:

sudo sed -i 's/<allow_inactive>no</<allow_inactive>yes</' /usr/share/polkit-1/actions/org.freedesktop.color.policy
sudo sed -i 's/<allow_any>.*</<allow_any>yes</' /usr/share/polkit-1/actions/org.freedesktop.color.policy

Taken from here: https://wiki.xorde.co/en/recipes/ubuntu-share-screen

Answered By: Xander Tovski

I kept running into this "Authentication is Required to …." issue over and over for every little thing when logging in through VNC or xRDP, etc. Creating the .pkla file described above resolved it for that error. I was creating a new .pkla file for each specific error. Finally, I found that this universal pkla file resolved all such errors:

  1. Create a file named "universal.pkla" (or anything as long as it ends in .pkla) in the directory:
    /etc/polkit-1/localauthority/50-local.d/

  2. These are the contents of universal.pkla:
    [Allow access to anything for remote users]
    Identity=unix-user:*
    Action=*
    ResultAny=yes
    ResultInactive=yes
    ResultActive=yes

  3. Then restart polkit with "sudo systemctl restart polkit.service" or reboot.

Answered By: ITCrowd
Categories: Answers Tags: , , ,
Answers are sorted by their score. The answer accepted by the question owner as the best is marked with
at the top-right corner.