On Sun, 2016 May 8 11:28+0200, Guido Günther wrote:
> >
> > I would not mind having the program run for all users, but for the
> > "credentials expired" notification. Is there a reason to give that
> > message on startup when no credentials (not even expired ones) are
> > present?
>
> Yes, this gives you the persistent notification in GNOME's notification
> area that allows you to grab a ticket via mouse click (in contrast to
> getting it via the API).

I can just click on the little systray icon. How is the notification necessary for me to get a ticket? (I am using the program under Xfce, if that makes a difference.)

Bear in mind, strictly speaking, it is incorrect for the program to report "credentials expired" when a non-Kerberos user logs in---because no credentials (even expired/invalid ones) are present at all. It's like telling someone who has never had a passport in their life that their passport is expired. That's going to be quite confusing for them.

> The current behaviour is reasonable under the objective that you want
> to give the user an easy way to fetch a ticket at any time and not all
> applications being able to request a ticket via the DBus API.

I don't understand why you're bringing up the DBus API. Yes, some applications can request krb5-auth-dialog get the user's password and then Kerberos tickets. But there is a systray icon that is independent of DBus, and the user can click on it whenever they like, and that is about as easy as it gets.