An additional item regarding changing `default_ccache_name`: As far as I understand, this is an MIT Kerberos parameter set in krb5.conf.
However, I'm using Kerberos (in combination with LDAP) via SSSD (and I think using SSSD is pretty common). I don't remember what default config Ubuntu ships with SSSD, but maybe the default path has to be changed there, too (parameters `krb5_ccachedir` and `krb5_ccname_template`). This might also apply to other Kerberos libraries besides MIT Kerberos and SSSD (if there are any, I don't know). -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to firefox in Ubuntu. https://bugs.launchpad.net/bugs/1849346 Title: [snap] kerberos GSSAPI no longer works after deb->snap transition Status in Mozilla Firefox: New Status in snapd: New Status in chromium-browser package in Ubuntu: In Progress Status in firefox package in Ubuntu: In Progress Bug description: Workaround ---------- Execute echo 'default_ccache_name = FILE:/home/%{username}/krb5cc' >> /etc/krb5.conf so that the Kerberos credentials are stored in a file path a snapped application can read. Acknowledgement: For many that can't work for {different reasons}, as stated in multiple comments below. Nonetheless it is worth a mention. Original report --------------- I configure AuthServerWhitelist as documented: https://www.chromium.org/developers/design-documents/http- authentication and can see my whitelisted domains in chrome://policy/ but websites that used to work with SPNEGO/GSSAPI/kerberos no longer work. I'm guessing the snap needs some sort of permission to use the kerberos ticket cache (or the plumbing to do so doesn't exist...). I can confirm that Chrome has the desired behavior. To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1849346/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
