Replace hardcoded krb5.conf with gssproxy (!1596) · Merge requests · GNOME / gnome-build-meta

Michael Catanzaro requested to merge mcatanzaro/gssproxy into master May 05, 2022

Instead of having our own krb5.conf and pulling in the kerberos ccache from the user environemnt inside the flatpak runtime, let's use gssproxy instead. GSS-Proxy's proxymech.so plugin intercepts GSSAPI calls and forwards them to the gssproxy service. By bind-mounting the gssproxy service socket in the flatpak environment we outsource dealing with all the kerberos configuration and ticket management to the host user session.

As a bonus we avoid exposing the kerberos tickets to the flatpak environment.

Edited May 05, 2022 by Michael Catanzaro

Replace hardcoded krb5.conf with gssproxy

Merge request reports