** Description changed: [SRU] 2.71: https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/2118396 [ Impact ] - ... + Kerberos snap does not have access to to the host \tmp\krb5cc* as + required to access ticket information. [ Test Plan ] - ... + Requires Kerberos setup with a version of the snap that uses the new + interface + + 1. Reproduce on snapd deb < 2.71 + + Install and setup Kerberos using a Kerberos snap with the kerberos- + tickets interface + + Expect: + - websites that used to work with SPNEGO/GSSAPI/kerberos no longer work + - no kerberos-tickets interface + + 2. Prove fix on snapd 2.71 + + Ensure kerberos-tickets interface is connected + + Expect: previously problematic websites to work ---original--- Workaround ---------- Add default_ccache_name = FILE:/run/user/%{euid}/krb5cc to the [libdefaults] section of /etc/krb5.conf so that the Kerberos credentials are stored in a file path a snapped application can read. Acknowledgement: For many that can't work for {different reasons}, as stated in multiple comments below. Nonetheless it is worth a mention. Original report --------------- I configure AuthServerWhitelist as documented: https://www.chromium.org/developers/design-documents/http-authentication and can see my whitelisted domains in chrome://policy/ but websites that used to work with SPNEGO/GSSAPI/kerberos no longer work. I'm guessing the snap needs some sort of permission to use the kerberos ticket cache (or the plumbing to do so doesn't exist...). I can confirm that Chrome has the desired behavior.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1849346 Title: [snap] kerberos GSSAPI no longer works after deb->snap transition To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1849346/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
