--- usermode-1.92/userhelper-wrap.c.user_authen	2007-06-11 22:39:16.000000000 +0200
+++ usermode-1.92/userhelper-wrap.c	2007-08-17 10:22:29.000000000 +0200
@@ -777,7 +777,7 @@ userhelper_parse_childout(char *outline)
 		/* Customize the label. */
 		if (resp->responses == 0)
 			text = g_strdup("");
-		else if (resp->service != NULL) {
+		else if (resp->service != NULL && strcmp(resp->service, "simple_root_authen")) {
 			if (strcmp(resp->service, "passwd") == 0)
 				text = g_strdup(_("Changing password."));
 			else if (strcmp(resp->service, "chfn") == 0)
--- usermode-1.92/userhelper.c.user_authen	2007-08-17 10:22:29.000000000 +0200
+++ usermode-1.92/userhelper.c	2007-08-17 12:31:46.000000000 +0200
@@ -52,6 +52,8 @@ static gboolean selinux_enabled = FALSE;
 
 #endif
 
+static int simple_root_authen = 0;
+
 #include "shvar.h"
 #include "userhelper.h"
 
@@ -798,7 +800,7 @@ converse_console(int num_msg, const stru
 		if ((data->banner != NULL) && (data->domain != NULL)) {
 			text = g_strdup_printf(dgettext(data->domain, data->banner));
 		} else {
-			if ((service != NULL) && (strlen(service) > 0)) {
+			if ((service != NULL) && (strlen(service) > 0) && strcmp(service, "simple_root_authen")) {
 				if (data->fallback_allowed) {
 					text = g_strdup_printf(_("You are attempting to run \"%s\" which may benefit from administrative\nprivileges, but more information is needed in order to do so."), service);
 				} else {
@@ -1770,7 +1772,23 @@ wrap(const char *user, const char *progr
 		g_print("userhelper: bad file permissions: %s \n",
 			apps_filename);
 #endif
-		exit(ERR_UNK_ERROR);
+		/* fall back to simple auth */
+	 	simple_root_authen = 1;
+		g_free (apps_filename);
+		if (s != NULL) 
+			svCloseFile(s);
+		apps_filename = g_strconcat(SYSCONFDIR "/security/console.apps/", "simple_root_authen", NULL);
+		s = svNewFile(apps_filename);
+		if ((s == NULL) ||
+		    (fstat(s->fd, &sbuf) == -1) ||
+		    !S_ISREG(sbuf.st_mode) ||
+		    (sbuf.st_mode & S_IWOTH)) {
+#ifdef DEBUG_USERHELPER
+		g_print("userhelper: bad file permissions: %s \n",
+			apps_filename);
+#endif
+		    		exit(ERR_UNK_ERROR);
+		}
 	}
 	g_free(apps_filename);
 
@@ -2040,7 +2058,7 @@ wrap(const char *user, const char *progr
 
 	/* If the user we're authenticating as has root's UID, then it's
 	 * safe to let them use HOME=~root. */
-	if (pwd->pw_uid == 0)
+	if (pwd->pw_uid == 0 && !simple_root_authen)
 		setenv("HOME", pwd->pw_dir, 1);
 	else {
 		/* Otherwise, if they had a reasonable value for HOME, let them
@@ -2106,7 +2124,12 @@ wrap(const char *user, const char *progr
 	svCloseFile(s);
 
 	/* Start up PAM to authenticate the specified user. */
-	retval = pam_start(program, user_pam, conv, &data->pamh);
+	if (simple_root_authen) {
+		retval = pam_start("simple_root_authen", user_pam, conv,&data->pamh);
+	} else {
+		retval = pam_start(program, user_pam, conv, &data->pamh);
+	}
+
 	if (retval != PAM_SUCCESS) {
 #ifdef DEBUG_USERHELPER
 		g_print("userhelper: pam_start() failed\n");