Commit da2bb3ce authored by Michael Catanzaro's avatar Michael Catanzaro

Try to make Kerberos work

I don't understand Kerberos, but Rishi kinda does, and he says we need
to make it use the KCM credential cache to have a chance inside flatpak.

It can be configured at build time, but that's not enough on its own. It
seems we need to install a krb5.conf.
parent 14a8328d
Pipeline #117372 failed with stages
in 36 minutes and 46 seconds
......@@ -45,6 +45,15 @@ variables:
conf-local: |
--disable-rpath --with-system-et --with-system-ss
config:
install-commands:
(>):
- mkdir -p %{install-root}%{sysconfdir}
- install -m 644 ../krb5-config/krb5.conf %{install-root}%{sysconfdir}/krb5.conf
sources:
- kind: tar
url: https://kerberos.org/dist/krb5/1.16/krb5-1.16.2.tar.gz
- kind: local
path: files/krb5
directory: krb5-config
[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
pkinit_anchors = FILE:/etc/ssl/certs/ca-certificates.crt
spake_preauth_groups = edwards25519
default_ccache_name = KCM:
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment