On Fri, May 06, 2016 at 04:24:02AM -0400, Daniel Richard G. wrote:
> On Fri, 2016 May  6 10:13+0200, Guido Günther wrote:
> >
> > Using "krb5-auth-dialog -a" should do what you want. However we
> > want krb5-auth-dialog running all the time for use cases where the
> > user wants to pick up a Kerberos ticket later (e.g. after starting
> > a VPN tunnel) so we want the notification in the system tray to
> > pick up a ticket.
> >
> > Since this is a config file you can safely modify it without it being
> > overwritten by upgrades.
> >
> > Does this sound o.k.?
> 
> I would not mind having the program run for all users, but for the
> "credentials expired" notification. Is there a reason to give
> that message on startup when no credentials (not even expired
> ones) are present?

Yes, this gives you the persistent notification in GNOME's notification
area that allows you to grab a ticket via mouse click (in contrast to
getting it via the API).

> While I can modify the .desktop file, the best solution would be one
> that gives reasonable behavior for both Kerberos and non-Kerberos users,
> such that no tweaks are needed.

The current behaviour is reasonable under the objective that you want to
give the user an easy way to fetch a ticket at any time and not all
applications being able to request a ticket via the DBus API.

Cheers,
 -- Guido
