I agree with your conclusion; Test 1 clearly shows the abortion of the authentication is caused by the included directory being unreadable, and indeed krb5.conf(5) clearly states that any includedir or includefile must be readable. As such, I opened another merge request for Apparmor:
https://gitlab.com/apparmor/apparmor/-/merge_requests/1882 I'll limit the scope of this bug to the failed authentication part, but I'll also reproduce and address the efficiency problem mentioned in (3) in a new bug report, which you may or may not want to file yourself. This will make it easier to track and identify the status of each bug independently. ** Summary changed: - Kerberos authentication fails for TGT generated by a local user + Unreadable includedir /var/lib/sss/pubconf/krb5.include.d/ causes Kerberos authentication failure -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2122317 Title: Unreadable includedir /var/lib/sss/pubconf/krb5.include.d/ causes Kerberos authentication failure To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/2122317/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
