On 6/28/2023 10:18 AM, Jan Henrik Sylvester wrote:
On 6/28/23 15:02, Jeffrey E Altman wrote:On 6/28/2023 3:54 AM, Jan Henrik Sylvester wrote:On 6/9/23 13:38, Jan Henrik Sylvester wrote:- you cannot use snap packaged with a home directory outside /home: use ppa:mozillateam/ppa for Firefox and Google Chrome instead of ChromiumCorrection: This does not seem to be true anymore. snap set system homedirs=/afs/math.uni-hamburg.de/users works for Ubuntu 22.04.The Firefox snap does start with this setting. We have very limited experience with this setting. Kerberos authentication does not work in Firefox snap, which is a known problem (independent of AFS).What credential cache type is in use?The underlying issues are the same as for PAGs. The assumption is that a 'uid' represents all of the authorization credentials associated with the user. If the Kerberos credential cache is using a session keyring or something that is not global to the 'uid', then there will be no Kerberos TGT available to snap.Maybe I was not clear enough. Accessing the home directories from Firefox is not the issue. Kerberized http is the issue:
You were clear. I am suggesting that you use a Kerberos credential cache that is tied to the uid for example a keyring with user scope instead of session scope.
Jeffrey Altman
smime.p7s
Description: S/MIME Cryptographic Signature
