krb5-auth-dialog issueshttps://gitlab.gnome.org/GNOME/krb5-auth-dialog/-/issues2023-11-25T08:46:36Zhttps://gitlab.gnome.org/GNOME/krb5-auth-dialog/-/issues/16Feature: Run custom commands after getting tickets2023-11-25T08:46:36ZGabriel RodriguezFeature: Run custom commands after getting ticketsIt would be nice to be able to configure some custom commands to run after getting a ticket.
Just to give an example, I would use this for getting AFS tickets and restarting the notification server (aklog and zwgc). Since different peop...It would be nice to be able to configure some custom commands to run after getting a ticket.
Just to give an example, I would use this for getting AFS tickets and restarting the notification server (aklog and zwgc). Since different people use Kerberos for different reasons or organizations, having a textbox with custom commands or ability to run a custom script would be nice.https://gitlab.gnome.org/GNOME/krb5-auth-dialog/-/issues/15Enter key does not enter password2023-12-02T20:15:05ZGabriel RodriguezEnter key does not enter passwordOn this screen, you can't press Enter after typing the password.
![image](/uploads/5fc833ebaac684ce9e3e0b7114500856/image.png)
You have to click on the "Renew Ticket" button using the mouse, but it would be nice to just be able to pres...On this screen, you can't press Enter after typing the password.
![image](/uploads/5fc833ebaac684ce9e3e0b7114500856/image.png)
You have to click on the "Renew Ticket" button using the mouse, but it would be nice to just be able to press Enter.https://gitlab.gnome.org/GNOME/krb5-auth-dialog/-/issues/14Help and other documentation wildly out of date2023-12-03T12:03:41ZFeRD (Frank Dana)Help and other documentation wildly out of dateThe Help content for even the most recent versions of the tool (`krb5-auth-dialog-44.0~alpha1-1.fc38.x86_64` in Fedora) is wildly out of date, showing GNOME 2 (!!) screenshots and describing features (systray icons) that no longer exist....The Help content for even the most recent versions of the tool (`krb5-auth-dialog-44.0~alpha1-1.fc38.x86_64` in Fedora) is wildly out of date, showing GNOME 2 (!!) screenshots and describing features (systray icons) that no longer exist.
Meanwhile, the website link in the app's About dialog points to https://honk.sigxcpu.org/piki/projects/krb5-auth-dialog/ which is slightly _less_ outdated (it at least shows very old GNOME 3 screenshots), but still links to the old GNOME Git instance and GNOME bugzilla, both of which are no longer in use.https://gitlab.gnome.org/GNOME/krb5-auth-dialog/-/issues/13Infinite loop when krb5_init_creds_init fails2023-04-21T02:46:03ZJohn Scottjscott@posteo.netInfinite loop when krb5_init_creds_init failsHi,
I'm using the experimental version on Debian Bookworm, and I get repeated messages like the following when I try using it with Scute:
```
(krb5-auth-dialog:272840): KrbAuthDialog-WARNING **: 22:43:04.542: krb5_init_creds_init failed:...Hi,
I'm using the experimental version on Debian Bookworm, and I get repeated messages like the following when I try using it with Scute:
```
(krb5-auth-dialog:272840): KrbAuthDialog-WARNING **: 22:43:04.542: krb5_init_creds_init failed: Message stream modified
scute: scute_agent_initialize:382: GPG Agent connection already established
```
Now, this is apparently a Scute issue, but krb5-auth-dialog should be more resilient. Furthermore, I dont know what "Message stream modified" means if you could help clear that uphttps://gitlab.gnome.org/GNOME/krb5-auth-dialog/-/issues/12Clarify license - GPL 2.0 vs GPL2.0 or later2023-01-10T09:45:44ZHenning SchildClarify license - GPL 2.0 vs GPL2.0 or laterTrying to propose this package for gentoo Linux i did choose "GPL-2" because that is what https://gitlab.gnome.org/GNOME/krb5-auth-dialog/-/blob/main/COPYING says.
But review of the code has shown that this might not actually be correct...Trying to propose this package for gentoo Linux i did choose "GPL-2" because that is what https://gitlab.gnome.org/GNOME/krb5-auth-dialog/-/blob/main/COPYING says.
But review of the code has shown that this might not actually be correct. And other licenses might apply as well.
https://github.com/gentoo/gentoo/pull/28988#discussion_r1063752277https://gitlab.gnome.org/GNOME/krb5-auth-dialog/-/issues/11icon disappeared from systray2023-12-03T11:57:50ZSérgio Bastoicon disappeared from systrayHi,
I'd like have my icon of krb5-auth-dialog on systray but https://bugzilla.redhat.com/show_bug.cgi?id=2089055 .
TLDR with the current version on Fedora 35 with `killall krb5-auth-dialog ; KRB5_AUTH_DIALOG_DEBUG="no-persistence" krb5-a...Hi,
I'd like have my icon of krb5-auth-dialog on systray but https://bugzilla.redhat.com/show_bug.cgi?id=2089055 .
TLDR with the current version on Fedora 35 with `killall krb5-auth-dialog ; KRB5_AUTH_DIALOG_DEBUG="no-persistence" krb5-auth-dialog --auto ` make it work
Now updated to git master and build with meson and icon is gonehttps://gitlab.gnome.org/GNOME/krb5-auth-dialog/-/issues/10krb5-auth-dialog does not expand default_ccache_name correctly2018-01-12T13:12:04ZChristophe-Marie Duquesnekrb5-auth-dialog does not expand default_ccache_name correctlyHi,
When using version 3.12.0-2 on ubuntu 16.04, I noticed that krb5-auth-dialog does not expand the credential cache option correctly.
My credential cache is set as follows in /etc/krb5.conf:
```
[libdefault]
...
default_ccache_name...Hi,
When using version 3.12.0-2 on ubuntu 16.04, I noticed that krb5-auth-dialog does not expand the credential cache option correctly.
My credential cache is set as follows in /etc/krb5.conf:
```
[libdefault]
...
default_ccache_name = DIR:/home/%{username}/.k5/ccache
```
What I tried:
```
$ krb5-auth-dialog
# tells me the cache is empty, while it is actually populated
```
```
$ KRB5CCNAME="DIR:/home/%{username}/.k5/ccache" krb5-auth-dialog
# tells me the cache is empty, while it is actually populated
```
```
$ krb5-auth-dialog --auto
# segmentation fault (core dumped)
```
However, this works:
```
$ KRB5CCNAME="DIR:/home/$USER/.k5/ccache" krb5-auth-dialog
# tells me I have valid kerberos credentials
```
Best,
Christophe-Mariehttps://gitlab.gnome.org/GNOME/krb5-auth-dialog/-/issues/9Support the kernel keyring as credentials cache2018-01-10T21:11:20ZBugzillaSupport the kernel keyring as credentials cache## Submitted by Debarshi Ray `@debarshir`
**[Link to original bug (#772460)](https://bugzilla.gnome.org/show_bug.cgi?id=772460)**
## Description
Recent versions of Fedora and Red Hat Enterprise Linux 7 use the Linux kernel keyring a...## Submitted by Debarshi Ray `@debarshir`
**[Link to original bug (#772460)](https://bugzilla.gnome.org/show_bug.cgi?id=772460)**
## Description
Recent versions of Fedora and Red Hat Enterprise Linux 7 use the Linux kernel keyring as the credentials cache. Running krb5-auth-dialog on such a system leads to:
KrbAuthDialog-WARNING **: Unsupported cache type for 'KEYRING:persistent:1000'
Note that there isn't any notification mechanism for the kernel keyring, yet.
As an example, the Kerberos code in gnome-online-accounts (specifically, goa-identity-service) polls the keyring at 5 second intervals. Grep for monitor_credentials_cache and FALLBACK_POLLING_INTERVAL in gnome-online-accounts.https://gitlab.gnome.org/GNOME/krb5-auth-dialog/-/issues/8Reference to old strings in help2021-02-15T12:35:32ZBugzillaReference to old strings in help## Submitted by Anders Jonsson `@ajonsson`
**[Link to original bug (#766879)](https://bugzilla.gnome.org/show_bug.cgi?id=766879)**
## Description
Hi,
reviewing the Swedish translation of krb5-auth-dialog i ran into some strings in h...## Submitted by Anders Jonsson `@ajonsson`
**[Link to original bug (#766879)](https://bugzilla.gnome.org/show_bug.cgi?id=766879)**
## Description
Hi,
reviewing the Swedish translation of krb5-auth-dialog i ran into some strings in help/C/index.docbook that differ from or no longer are available in the program translation.
First is the string "`<guilabel>`Warn .. minutes before expiry`</guilabel>`" in index.docbook.
This seems to be about the strings "Warn" and "minutes before ticket expiry" in src/resources/ui/ka-preferences.ui. This should in that case be changed to "`<guilabel>`Warn .. minutes before ticket expiry`</guilabel>`" in the help.
Following that are two strings about a string that no longer is present in krb5-auth-dialog:
"`<guilabel>`Show tray icon`</guilabel>`"
"Whether to show the tray icon. Disabling the tray icon will also disable notifications, the password dialog will be brought up instead."
The "Show trayicon" string was removed in Commit 5e30a6d5bc6b2b35aefe8f3f98ee2b5ec6b881 so these strings should either be removed or updated.https://gitlab.gnome.org/GNOME/krb5-auth-dialog/-/issues/7Typo in error message2021-02-15T13:04:43ZBugzillaTypo in error message## Submitted by Anders Jonsson `@ajonsson`
**[Link to original bug (#750527)](https://bugzilla.gnome.org/show_bug.cgi?id=750527)**
## Description
Hi,
in src/dummy-strings.c there is a typo for the error code KRB5_PLUGIN_OP_NOTSUPP. ...## Submitted by Anders Jonsson `@ajonsson`
**[Link to original bug (#750527)](https://bugzilla.gnome.org/show_bug.cgi?id=750527)**
## Description
Hi,
in src/dummy-strings.c there is a typo for the error code KRB5_PLUGIN_OP_NOTSUPP. It says "Plugin does not support the operaton", which should be "operation".
This was fixed in the upstream file some years ago:
https://github.com/krb5/krb5/commit/20337d95b42b43d3f6858294490f0ee1ba3a007dhttps://gitlab.gnome.org/GNOME/krb5-auth-dialog/-/issues/6krb5-auth-dialog no longer appears to renew tickets2021-02-14T15:38:02ZBugzillakrb5-auth-dialog no longer appears to renew tickets## Submitted by ped..@..il.com
**[Link to original bug (#748544)](https://bugzilla.gnome.org/show_bug.cgi?id=748544)**
## Description
After upgrading to Gnome 3.16, the tool (version 3.15.4) appears to no longer renew my tickets. I ...## Submitted by ped..@..il.com
**[Link to original bug (#748544)](https://bugzilla.gnome.org/show_bug.cgi?id=748544)**
## Description
After upgrading to Gnome 3.16, the tool (version 3.15.4) appears to no longer renew my tickets. I need to manually run 'kinit'.
Also, I noticed that the 'renew' check box is unclickable (doesn't change state). I believe this used to be toggle-able.
I see following logs, but they appear related to GUI and not auth related.
Apr 24 17:28:28 mycomputer.domain.com krb5-auth-dialog.desktop[472]: (krb5-auth-dialog:472): GLib-GObject-WARNING **: The property GtkMisc:yalign is deprecated and shouldn't be used anymore. It will be removed
Apr 24 17:28:28 mycomputer.domain.com krb5-auth-dialog.desktop[472]: (krb5-auth-dialog:472): GLib-GObject-WARNING **: The property GtkAlignment:bottom-padding is deprecated and shouldn't be used anymore. It wi
A
Any further tips on debugging this issue? Thanks.https://gitlab.gnome.org/GNOME/krb5-auth-dialog/-/issues/5[RFE] support authenticating from a keytab2018-01-10T21:10:35ZBugzilla[RFE] support authenticating from a keytab## Submitted by Ken Dreyer
**[Link to original bug (#737866)](https://bugzilla.gnome.org/show_bug.cgi?id=737866)**
## Description
It would be quite nice if krb5-auth-dialog would support authenticating from a keytab file. This would...## Submitted by Ken Dreyer
**[Link to original bug (#737866)](https://bugzilla.gnome.org/show_bug.cgi?id=737866)**
## Description
It would be quite nice if krb5-auth-dialog would support authenticating from a keytab file. This would prevent the user from having to type the same password every day.
Regarding the UI, perhaps there could be a file selection dialogue in a new section in the "Kerberos" tab. Perhaps under the "Kerberos User" and "Kerberos Ticket Options" sections, there could be a "Keytab file" section?https://gitlab.gnome.org/GNOME/krb5-auth-dialog/-/issues/4krb5-auth-dialog: renew for current principal, not local user - cannot override2018-01-10T21:10:22ZBugzillakrb5-auth-dialog: renew for current principal, not local user - cannot override## Submitted by Jan Iven
**[Link to original bug (#637053)](https://bugzilla.gnome.org/show_bug.cgi?id=637053)**
## Description
krb5-auth-dialog prompts for the "Kerberos" password for the currently-logged user instead of the princi...## Submitted by Jan Iven
**[Link to original bug (#637053)](https://bugzilla.gnome.org/show_bug.cgi?id=637053)**
## Description
krb5-auth-dialog prompts for the "Kerberos" password for the currently-logged user instead of the principal of the existing (soon to expire) credential.
In case these differ, it should prefer the principal as stored in the credential cache, and (or, at least..) allow to override the principal.
Command-line "kinit" does the correct thing - without other arguments, it attempts to renew/refresh the current principal, not the local user.
Fedora14, krb5-auth-dialog-0.16-1.fc14.i686https://gitlab.gnome.org/GNOME/krb5-auth-dialog/-/issues/3ticket does not work with imap server2018-01-10T21:09:33ZBugzillaticket does not work with imap server## Submitted by Götz Waschk
**[Link to original bug (#593390)](https://bugzilla.gnome.org/show_bug.cgi?id=593390)**
## Description
Created attachment 141931
klist -f of the not-working ticket
When I get a new ticket from krb5-auth-...## Submitted by Götz Waschk
**[Link to original bug (#593390)](https://bugzilla.gnome.org/show_bug.cgi?id=593390)**
## Description
Created attachment 141931
klist -f of the not-working ticket
When I get a new ticket from krb5-auth-dialog, I cannot get my mail from the
imap server. Evolution's error is "clock skew to great". When I get the ticket
with kinit, everything is fine.
I have enabled all flags in the settings: proxiable, renewable, forwardable.
I'm using krb5-auth-dialog 0.12 on Mandriva Cooker with krb5 1.6.3.
**Attachment 141931**, "klist -f of the not-working ticket":
[klist-bad](/uploads/34b20b6e7cf67cb36dae50c9b742ffab/klist-bad)https://gitlab.gnome.org/GNOME/krb5-auth-dialog/-/issues/2Incorrect notification when account locked in AD2024-02-09T18:02:14ZBugzillaIncorrect notification when account locked in AD## Submitted by Bojan Smojver
**[Link to original bug (#572246)](https://bugzilla.gnome.org/show_bug.cgi?id=572246)**
## Description
Please describe the problem:
I bumped into this one when my AD account got locked and krb5-auth-dia...## Submitted by Bojan Smojver
**[Link to original bug (#572246)](https://bugzilla.gnome.org/show_bug.cgi?id=572246)**
## Description
Please describe the problem:
I bumped into this one when my AD account got locked and krb5-auth-dialog was about to renew the credentials. Because the account was locked, the ticket was not renewed. However, krb5-auth-dialog still said "Your Kerberos credentials have been refreshed.". I think this may be related to the fact that remaining, as calculated in ka_update_status() function from creds_expiry will still be > 0 (because the old ticket is kept).
Maybe we should also pass the status of renewal to ka_update_status(), so that we don't incorrectly notify that ticket has been renewed.
Steps to reproduce:
1. Configure krb5 authentication against AD.
2. Lock your account (usually, 3 successive attempts to login with wrong pwd).
3. Do this 1/2 hour before ticket expiry and see what krb5-auth-dialog does.
Actual results:
User is notified that ticket has been refreshed.
Expected results:
User should be told that refresh process did not end successfully.
Does this happen every time?
Yes.
Other information:https://gitlab.gnome.org/GNOME/krb5-auth-dialog/-/issues/1Teach krb5-auth-dialog to use gnome-keyring2018-01-10T21:08:20ZBugzillaTeach krb5-auth-dialog to use gnome-keyring## Submitted by Bojan Smojver
Assigned to **Guido Günther `@guidog`**
**[Link to original bug (#567701)](https://bugzilla.gnome.org/show_bug.cgi?id=567701)**
## Description
Description of problem:
This program keeps asking for pas...## Submitted by Bojan Smojver
Assigned to **Guido Günther `@guidog`**
**[Link to original bug (#567701)](https://bugzilla.gnome.org/show_bug.cgi?id=567701)**
## Description
Description of problem:
This program keeps asking for password, although we have a perfectly good
keyring manager available.
Version-Release number of selected component (if applicable):
0.7-7.fc9
How reproducible:
Always.
Steps to Reproduce:
1. Kerberos ticket expires, krb5-auth-dialog pops up to ask for password.
Additional info:
See Red Hat bug https://bugzilla.redhat.com/show_bug.cgi?id=478728 for patches to 0.7 and 0.8.
### Depends on
* [Bug 659680](https://bugzilla.gnome.org/show_bug.cgi?id=659680)