Public bug reported: Bug 1849346 fixes Kerberos access for snapped web browsers only if logged in as the Kerberos user.
A local user that generates the TGT via kinit will still get access denied, even if KRB5CCNAME is passed manually to point to the TGT's location[1]. So: 1. Verify what is preventing the usage of the ticket. Is the owning user encoded in the TGT and is the server rejecting a user running the process that is not that one? Something else...? 2. Extend the corresponding changes in Snapd. [1]https://bugs.launchpad.net/ubuntu/+source/chromium- browser/+bug/1849346/comments/93 ** Affects: chromium-browser (Ubuntu) Importance: Medium Assignee: Nathan Teodosio (nteodosio) Status: Triaged ** Affects: firefox (Ubuntu) Importance: Medium Assignee: Nathan Teodosio (nteodosio) Status: Triaged ** Affects: snapd (Ubuntu) Importance: Undecided Status: New ** Also affects: firefox (Ubuntu) Importance: Undecided Status: New ** Also affects: snapd (Ubuntu) Importance: Undecided Status: New ** Changed in: firefox (Ubuntu) Status: New => Triaged ** Changed in: firefox (Ubuntu) Assignee: (unassigned) => Nathan Teodosio (nteodosio) ** Changed in: chromium-browser (Ubuntu) Assignee: (unassigned) => Nathan Teodosio (nteodosio) ** Changed in: firefox (Ubuntu) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2122317 Title: Kerberos authentication fails for TGT generated by a local user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/2122317/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
