Launchpad has imported 4 comments from the remote bug at https://bugzilla.mozilla.org/show_bug.cgi?id=1734791.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. ------------------------------------------------------------------------ On 2021-10-08T07:21:39+00:00 Marian+mozilla wrote: User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.99 Safari/537.36 Steps to reproduce: This issue concerns the Firefox snap package. I have configured Firefox to use SPNEGO authentication against my authentication server using the policy `Authentication/SPNEGO` (as documented at https://github.com/mozilla/policy- templates/blob/master/README.md#authentication). Firefox shows the policy in `about:policies` and the corresponding setting `network.negotiate-auth.trusted-uris` in `about:config`, so the policy is found and applied correctly. Actual results: Even though the policy is active, Firefox does not attempt Kerberos authentication against my authentication server. The exact same policy DOES work with the regular deb-based version of Firefox, so the issue has to be in the snap package. I guess that the snap version does not have access to the required files and/or environment variables. I logged which files and directories the deb-based Firefox accesses that seem to have to do with Kerberos/SPNEGO using `strace -f -t -e trace=file firefox` on my system running Ubuntu 21.10 beta: ``` /lib/x86_64-linux-gnu/libgssapi_krb5.so.2 /lib/x86_64-linux-gnu/libkrb5.so.3 /lib/x86_64-linux-gnu/libk5crypto.so.3 /lib/x86_64-linux-gnu/libkrb5support.so.0 /etc/gss/mech /etc/gss/mech.d /etc/krb5.conf /etc/krb5/user/10017/client.keytab /usr/share/locale/*/LC_MESSAGES/mit-krb5.mo /usr/share/locale-langpack/*/LC_MESSAGES/mit-krb5.mo /tmp/krb5cc_10017_QfHqc3 ``` `10017` is the user ID of the user running firefox. The last file `/tmp/krb5cc_10017_QfHqc3` is the user's Kerberos ticket cache, which is given by the environment variable `KRB5CCNAME`. So the first step would be to allow the snap to access the listed files and directories, as well as to the environment variable `KRB5CCNAME`. Of course, the list is just generated by looking at the deb-based Firefox on my system and might not be complete. In any case, I'd be happy to test an updated snap. Expected results: Kerberos/SPNEGO authentication should work the same as in the deb-based Firefox. Reply at: https://bugs.launchpad.net/ubuntu/+source/chromium- browser/+bug/1849346/comments/14 ------------------------------------------------------------------------ On 2021-10-12T12:27:10+00:00 Andrei-purice wrote: Setting a component for this issue in order to get the dev team involved. If you feel it's an incorrect one please feel free to change it to a more appropriate one. Reply at: https://bugs.launchpad.net/ubuntu/+source/chromium- browser/+bug/1849346/comments/17 ------------------------------------------------------------------------ On 2021-10-15T14:11:37+00:00 Olivier Tilloy wrote: Triagers, please update the component to "Release Automation: Snap" and add a blocks reference to bug 1665641. Thanks! Reply at: https://bugs.launchpad.net/ubuntu/+source/chromium- browser/+bug/1849346/comments/19 ------------------------------------------------------------------------ On 2021-10-18T07:57:39+00:00 Daniel Calcoen wrote: There are several references across the internet about similar problems. https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1849346 Firefox with Kerberos/SPENGO works fine in the non snap version and Firefox snap version don't. Seems some door is closed in the snap. Reply at: https://bugs.launchpad.net/ubuntu/+source/chromium- browser/+bug/1849346/comments/21 ** Changed in: firefox Status: Unknown => New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1849346 Title: [snap] kerberos GSSAPI no longer works after deb->snap transition To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1849346/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
