Public bug reported:

I have Kerberos authentication set up in Thunderbird for my mailbox.

My environment contains:

helga@helga-rashomon:~$ env | grep KRB
KRB5CCNAME=KCM:

This means that Kerberos authentication should work through the sssd-kcm
server.

I initialize Kerberos and verify that it functions correctly:

helga@helga-rashomon:~$ klist
Ticket cache: KCM:1000
Default principal: he...@example.org

Valid starting      Expires             Service principal
03/11/24 04:14:24   03/12/24 04:14:24   krbtgt/example....@example.org
03/11/24 04:15:24   03/12/24 04:14:24   HTTP/redmine.example.org@
        Ticket server: HTTP/redmine.example....@example.org

(Listing redacted to say example.org instead of the real address. The
redmine listing shows that Firefox works correctly with this address.)

However, when I open the Snap Thunderbird, it does not recognize this
Kerberos setup, showing me "The Kerberos/GSSAPI ticket was not accepted
by the IMAP server". klist -A likewise shows no changes.

The exact same setup works when I specify KRB5CCNAME=DIR:${HOME}/krb5cc
in .profile instead.
The sssd-kcm setup also works in Thunderbird native and Flatpak profiles.

Considering the Flatpak specifically permits access to
/run/.heim_org.h5l.kcm-socket, could it be that the Thunderbird Snap is
not allowed to access this socket?

** Affects: sssd (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: thunderbird (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpad.net/bugs/2056760

Title:
  [snap]Thunderbird doesn't authenticate with sssd-kcm

Status in sssd package in Ubuntu:
  New
Status in thunderbird package in Ubuntu:
  New
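
A way to narrow down the question the report ends on, as an added example that is not part of the original report or of sssd/Thunderbird: the script reads KRB5CCNAME and, for a KCM cache, tries to connect to the socket path quoted in the report. The function names and the result strings are assumptions made for this example.

```python
import errno
import os
import socket

# Socket path quoted in the report; a local sssd-kcm build may use another.
DEFAULT_KCM_SOCKET = "/run/.heim_org.h5l.kcm-socket"
# Credential cache types defined by MIT krb5 (subset relevant on Linux).
KNOWN_TYPES = {"FILE", "DIR", "KCM", "KEYRING", "MEMORY"}


def parse_ccname(value):
    """Split a KRB5CCNAME value into (type, residual); a bare path means FILE."""
    if not value:
        return ("DEFAULT", "")
    head, sep, rest = value.partition(":")
    if sep and head in KNOWN_TYPES:
        return (head, rest)
    return ("FILE", value)


def probe_kcm_socket(path=DEFAULT_KCM_SOCKET):
    """Try to connect() to the KCM socket and classify the outcome."""
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        s.settimeout(2)
        s.connect(path)
        return "ok"
    except FileNotFoundError:
        return "missing"   # path not visible in this mount namespace
    except PermissionError:
        return "denied"    # EACCES/EPERM: file mode or confinement policy
    except ConnectionRefusedError:
        return "refused"   # socket file exists but nothing is listening
    except OSError as exc:
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        s.close()


def diagnose(environ=os.environ, socket_path=DEFAULT_KCM_SOCKET):
    """Report the configured cache type and whether this process can reach it."""
    cctype, residual = parse_ccname(environ.get("KRB5CCNAME", ""))
    result = {"type": cctype, "residual": residual}
    if cctype == "KCM":
        result["socket"] = probe_kcm_socket(socket_path)
    elif cctype in ("FILE", "DIR"):
        result["readable"] = os.access(residual, os.R_OK)
    return result


if __name__ == "__main__":
    print(diagnose())
```

Running it once in a normal login shell and once inside the snap's confinement (for example from `snap run --shell thunderbird`, assuming a Python interpreter is reachable there) shows whether the socket is "ok" on the host but "missing" or "denied" for the confined process.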
