Comment 19 for bug 1849346
Revision history for this message
|
|
#19 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.99 Safari/537.36
Steps to reproduce:
This issue concerns the Firefox snap package. I have configured Firefox to use SPNEGO authentication against my authentication server using the policy `Authentication
Actual results:
Even though the policy is active, Firefox does not attempt Kerberos authentication against my authentication server. The exact same policy DOES work with the regular deb-based version of Firefox, so the issue has to be in the snap package.
I guess that the snap version does not have access to the required files and/or environment variables. I logged which files and directories the deb-based Firefox accesses that seem to have to do with Kerberos/SPNEGO using `strace -f -t -e trace=file firefox` on my system running Ubuntu 21.10 beta:
```
/lib/x86_
/lib/x86_
/lib/x86_
/lib/x86_
/etc/gss/mech
/etc/gss/mech.d
/etc/krb5.conf
/etc/krb5/
/usr/share/
/usr/share/
/tmp/krb5cc_
```
`10017` is the user ID of the user running firefox. The last file `/tmp/krb5cc_
So the first step would be to allow the snap to access the listed files and directories, as well as to the environment variable `KRB5CCNAME`. Of course, the list is just generated by looking at the deb-based Firefox on my system and might not be complete.
In any case, I'd be happy to test an updated snap.
Expected results:
Kerberos/SPNEGO authentication should work the same as in the deb-based Firefox.