The /etc/gss/mech.d/ and /etc/krb5.conf.d/ denials may be relevant. Both directories are empty in my case, but lack of access may be killing some logic that relies on checking them.
** Attachment added: "AppArmor denials"
   https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1849346/+attachment/5303122/+files/apparmor_denials.txt

https://bugs.launchpad.net/bugs/1849346

Title:
  [snap] kerberos GSSAPI no longer works after deb->snap transition

Status in chromium-browser package in Ubuntu:
  Confirmed

Bug description:
  I configure AuthServerWhitelist as documented:
  https://www.chromium.org/developers/design-documents/http-authentication
  and can see my whitelisted domains in chrome://policy/ but websites
  that used to work with SPNEGO/GSSAPI/kerberos no longer work.

  I'm guessing the snap needs some sort of permission to use the
  kerberos ticket cache (or the plumbing to do so doesn't exist...).

  I can confirm that Chrome has the desired behavior.

