> I then ran 'kinit' in order to get a
> new TGT:
>
> Then I opened up Firefox and navigated to an internal site which
> requires Kerberos and got an HTTP 401 error.
>
> I also tried 'FILE:/run/user/%{euid}/krb5cc' but have the same issue.
I suspect that won't update the Kerberos variable in the environment. Please
check whether the value of
< /proc/"$(pgrep firefox)"/environ xargs -0L1 | grep KRB
reflects the updated or the old value. If the latter, simplest is to log out and
in again so the whole environment gets hold of the updated variable.
> > That is a reasonable expectation, but in snaps /tmp just cannot work
> since every snap has a private tmp. Yes, we do not want to pollute
> people's home directory and that's not what we're going for as per my
> last comment. It's just the easy way for testing.
>
> There's no way to punch a hole for a specific file path? That's too
> bad.
Yes in general, but /tmp is special, see [1]. Maybe you would be interested in
this bypass[2].
[1]https://ubuntu.com/core/docs/security-and-sandboxing
[2]https://askubuntu.com/questions/1263843/how-to-allow-snap-applications-to-access-tmp-folder
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1849346
Title:
[snap] kerberos GSSAPI no longer works after deb->snap transition
To manage notifications about this bug go to:
https://bugs.launchpad.net/firefox/+bug/1849346/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
