>What is often useful is to see if there is any Apparmor denial in
'journalctl -f' as the error happens (or just use snappy-debug).
I looked into AppArmor quite a while ago on Ubuntu 22.04; specifically,
the message:
audit: type=1400 audit(1668125265.179:153): apparmor="DENIED"
operation="open" profile="snap.firefox.firefox" name="/etc/gss/mech.d/"
pid=35973 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000
ouid=0
As I recall: I managed to resolve the entry but it did not fix my issue.
I believe I also changed the Snap 'confinement' level as well and was
still unable to resolve the issue.
> Anyway, my first goal would be to reproduce the issue myself so I can
poke at it directly without burdening you with each exploratory or
tentative measure I'd like to try.
That seems reasonable, though I'm afraid I can't advise as I'm
unfamiliar with Kerberos server-side set-up.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1849346
Title:
[snap] kerberos GSSAPI no longer works after deb->snap transition
Status in Mozilla Firefox:
New
Status in snapd:
New
Status in chromium-browser package in Ubuntu:
Triaged
Status in firefox package in Ubuntu:
Triaged
Bug description:
I configure AuthServerWhitelist as documented:
https://www.chromium.org/developers/design-documents/http-
authentication
and can see my whitelisted domains in chrome://policy/
but websites that used to work with SPNEGO/GSSAPI/kerberos no longer
work. I'm guessing the snap needs some sort of permission to use the
kerberos ticket cache (or the plumbing to do so doesn't exist...).
I can confirm that Chrome has the desired behavior.
To manage notifications about this bug go to:
https://bugs.launchpad.net/firefox/+bug/1849346/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
