The workaround provided by Ronzo is much appreciated, but considering that this will mostly be relevant in larger environments with central authentication, keeping the cached credentials openly in the middle of the home directory may at least open support issues with users wondering what that file may be, deleting it, and so on.
We've also experimented with other paths, which either fails due to missing access permissions or the requirement to start Firefox with a different $KRB5CCNAME environment than the default. If the Snap could access the krb5.conf(5) default default_ccache_name, that would be a huge step forward. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to firefox in Ubuntu. https://bugs.launchpad.net/bugs/1970182 Title: Kerberos does not work anymore on Firefox under Ubuntu 22.04 Status in firefox package in Ubuntu: Confirmed Bug description: There seems to be a problem with the AppArmor config regarding Firefox and Kerberos. journalctl -f | grep DEN Apr 25 10:26:48 chupacabra audit[3575]: AVC apparmor="DENIED" operation="open" profile="snap.firefox.firefox" name="/etc/gss/mech.d/" pid=3575 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Apr 25 10:26:48 chupacabra kernel: audit: type=1400 audit(1650875208.417:138): apparmor="DENIED" operation="open" profile="snap.firefox.firefox" name="/etc/gss/mech.d/" pid=3575 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid= To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1970182/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
