Cockpit currently uses accountsservice to modify user accounts. This doesn't work for when logged in as an admin-non-root user, even though accountsservice uses polkit for privilege escalation.
The polkit policy is desktop centric and requires that the caller is logged in via an active monitor+keyboard seat.
Created attachment 98449 [details] [review]
data: Fix desktop-centric polkit policy
Change the polkit policy so accountsservice allows use of the
DBus API by admin users that are not logged in via a monitor+keyboard.
This includes users logged in via ssh or Cockpit.
Looks scary at first. But makes sense, I think.
Attachment 98449 [details] pushed as 74aa92e - data: Fix desktop-centric polkit policy
Updated the patch to use 'auth_self' for changing own info, when not logged in on an active local session.