WebYaST consists of two web server applications:
- YaST Webclient: the UI part of WebYaST. This web application runs on its own web server and has no system privileges.
- YaST Webservice: the backend of WebYaST, which also runs on its own web server. It has system access via special permissions.
The YaST Webclient communicates with the YaST Webservice via HTTP(S). The user has to authenticate (username, password) to the host via PAM (Pluggable Authentication Modules), which is available on every Linux system.
The YaST Webclient sends requests (e.g. create a user, install a patch) via the REST interface to the YaST Webservice. This service uses PolicyKit to check whether the user has the right to execute the request. For each kind of request there is a PolicyKit rule defined. These rights have to be granted to the user concerned.
After the permission check, the request is sent via D-Bus to the SCR agent of YaST. The return value is passed back to the YaST Webclient in XML or JSON format.
Patches are handled by PackageKit. These requests are also sent from the YaST Webservice to PackageKit via D-Bus.
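The check-then-forward order described above can be modelled in a few lines. This is an added example, not WebYaST code: the action ids, user names, result symbols and the in-memory `dispatched` list (standing in for the D-Bus call to the backend) are all constructed for illustration.

```ruby
# Model of the webservice's order of operations: rule lookup, permission
# check, and only then a call to the backend. All names are constructed.

# One rule per kind of request (hypothetical action ids).
ACTION_FOR = {
  [:get,  "users"]   => "org.example.webservice.users.read",
  [:post, "users"]   => "org.example.webservice.users.write",
  [:post, "patches"] => "org.example.webservice.patches.install"
}.freeze

# Rights granted to each user (constructed sample data).
GRANTS = {
  "alice" => ["org.example.webservice.users.read",
              "org.example.webservice.users.write"],
  "bob"   => ["org.example.webservice.users.read"]
}.freeze

class Webservice
  attr_reader :dispatched

  def initialize(grants)
    @grants = grants
    @dispatched = [] # stand-in for requests forwarded over D-Bus
  end

  # The user is assumed to be authenticated already (PAM in the text above).
  # Returns :ok, :denied or :no_rule.
  def handle(user, verb, resource)
    action = ACTION_FOR[[verb, resource]]
    # Deny by default: a request kind without a rule is never forwarded.
    return :no_rule if action.nil?
    # The permission check runs before anything reaches the backend.
    return :denied unless @grants.fetch(user, []).include?(action)

    @dispatched << [user, action]
    :ok
  end
end
```

The property worth testing in a design like this is that a denied or unknown request leaves `dispatched` untouched, because the privileged backend is only as safe as the gate in front of it.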