Hey Ron, no worries, thanks for checking, for sure the more verifiers, the better.
The Glab snap is not a classic snap; The warning should indeed only be supressed for classic snaps, precisely because they already have access to the kerberos ticket's path, whereas it should NOT be supressed for normal snaps, because those won't have access to that path. As such, I edited the test plan to specify a classic snap. ** Description changed: [SRU] 2.72: https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/2124239 [ Impact ] <...to be added...> [ Test Plan ] 1. Reproduce with snapd snap == 2.71 - Set up a system with Kerberos using DIR credential cache format: - ``` - export KRB5CCNAME=DIR:/tmp/krb5cc_1000 - ``` - - Install Node.js via snap: - ``` - snap install node --classic - ``` + ``` + export KRB5CCNAME=DIR:/tmp/krb5cc_1000 + ``` + - Install a classic snap, such as Node.js: + ``` + snap install node --classic + ``` - Run any Node.js application: - ``` - node --version - ``` - - Expect: Warning like + ``` + node --version + ``` + - Expect: Warning like ``` 2025/08/22 12:10:38.185638 cmd_run.go:1408: WARNING: will not expose Kerberos tickets' path: Unsupported KRB5CCNAME: DIR:/tmp/krb5cc_1000 ``` 2. Prove fixed with snapd snap 2.72 - Repeat above steps - Expect: Node.js should execute without any warnings, as it did in snapd 2.70. ---original--- # snapd 2.71 generates Kerberos warnings for DIR: credential cache format ## Summary After upgrading to snapd 2.71 (revision 25202), all snap applications that use Node.js generate Kerberos-related warnings when `KRB5CCNAME` is set to use the DIR: credential cache format. This warning did not appear in snapd 2.70. ## Steps to Reproduce 1. Set up a system with Kerberos using DIR credential cache format: ``` export KRB5CCNAME=DIR:/tmp/krb5cc_1000 ``` 2. Install Node.js via snap: ``` snap install node --classic ``` 3. Run any Node.js application: ``` node --version ``` ## Expected Behavior Node.js should execute without any warnings, as it did in snapd 2.70. ## Actual Behavior Every execution of Node.js (or any snap that uses Node.js) generates the following warning: ``` 2025/08/22 12:10:38.185638 cmd_run.go:1408: WARNING: will not expose Kerberos tickets' path: Unsupported KRB5CCNAME: DIR:/tmp/krb5cc_1000 ``` ## Environment Information - **OS**: Ubuntu 22.04 - **Kernel**: 6.8.0-65-generic - **Problematic snapd version**: 2.71 (revision 25202) - **Working snapd version**: 2.70 (revision 24792) - **Kerberos setup**: `KRB5CCNAME=DIR:/tmp/krb5cc_1000` - **Affected snap**: node 18.20.8 (revision 9971) classic ## Additional Details - The warning appears to originate from `cmd_run.go:1408` in the snapd codebase - The issue affects any application that runs through snap when Kerberos DIR credential cache is configured - The warning is cosmetic but creates noise in logs and user output - Reverting to snapd 2.70 resolves the issue completely ## Workaround Temporarily revert to the previous snapd version: ``` sudo snap revert snapd ``` ## Impact This affects enterprise environments where Kerberos authentication is commonly used with DIR credential cache format, causing unnecessary warning messages in all snap-based applications. ## Timeline The issue was introduced with the automatic snapd update that occurred on 2025-08-22 at approximately 06:48 EDT, when snapd was updated from revision 24792 (2.70) to revision 25202 (2.71). ** Summary changed: - snapd 2.71 (revision 25202) introduced Kerberos credential checking that generates warnings for DIR: format credentials + snapd 2.71 (revision 25202) introduced Kerberos credential checking that generates warnings for DIR: format credentials on classic snaps -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2121238 Title: snapd 2.71 (revision 25202) introduced Kerberos credential checking that generates warnings for DIR: format credentials on classic snaps To manage notifications about this bug go to: https://bugs.launchpad.net/snapd/+bug/2121238/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
