Bug 861035 - No krb5 auth dialog shown
No krb5 auth dialog shown
Status: NEW
Product: Fedora
Classification: Fedora
Component: krb5-auth-dialog (Show other bugs)
25
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Itamar Reis Peixoto
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-09-27 07:13 EDT by Tim Waugh
Modified: 2016-11-24 15:23 EST (History)
13 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Tim Waugh 2012-09-27 07:13:12 EDT
Description of problem:
I don't get an auth dialog when starting e.g. evolution with a GSSAPI account when there are no tickets cached.

Version-Release number of selected component (if applicable):
krb5-auth-dialog-3.2.1-4.fc18.x86_64

How reproducible:
100%

Additional information:
I see this in .cache/gdm/session.log:

** (krb5-auth-dialog:1781): WARNING **: Unsupported cache type for 'DIR:/run/use
r/1001/krb5cc_2547030cbf05be3c07e7ae11506429f3'

** (krb5-auth-dialog:1781): CRITICAL **: monitor_ccache: assertion `ccache_name 
!= NULL' failed

(krb5-auth-dialog:1781): GLib-GIO-CRITICAL **: GApplication subclass 'KaApplet' 
failed to chain up on ::startup (from start of override function)
Comment 1 Matt Kinni 2012-10-02 15:12:00 EDT
I can also confirm this problem affects me in Fedora 17 with krb5-auth-dialog-3.2.1-3.fc17.x86_64.

While I get the same 

** Message: No plugins to load
(krb5-auth-dialog:18200): GLib-GIO-CRITICAL **: GApplication subclass 'KaApplet' failed to chain up on ::startup (from start of override function)

error message and the icon doesn't show up in the systray, it seems that the applet is still running in the background.  If I use kinit or kdestroy I still get the notifications like "Network credentials expired", but I just don't see the icon anywhere
Comment 2 Tim Waugh 2012-10-03 04:34:15 EDT
I should note: whereas Dirk is using KDE, I am using GNOME. The krb5 dialog appeared fine for me in Fedora 17 with GNOME, but not in Fedora 18.
Comment 3 Matt Kinni 2012-10-04 01:54:43 EDT
(In reply to comment #2)
> I should note: whereas Dirk is using KDE, I am using GNOME. The krb5 dialog
> appeared fine for me in Fedora 17 with GNOME, but not in Fedora 18.

I should clarify my statement that it does not show up for me in Cinnamon F17, but does show correctly in GNOME F17
Comment 4 Stefan Assmann 2012-11-13 02:41:49 EST
I'm not seeing it in F17 with GNOME3.
Comment 5 marianne@tuxette.fr 2013-01-09 03:00:14 EST
Same here with f18 GNOME3 

krb5-auth-dialog-3.2.1-4.fc18.x86_64
Comment 6 Nils Philippsen 2013-01-18 03:59:03 EST
I could imagine that this is related to /tmp being tmpfs in F-18 -- I saw similar issues in older Fedora versions after kdestroying my credentials cache, so maybe krb5-auth-dialog (just?) needs to learn to cope better without an existing credentials cache.
Comment 7 Suvayu 2013-01-22 05:51:16 EST
I also see a similar issue with krb5-auth-dialog-3.2.1-4.fc18.x86_64.  This was working without hiccups on F17.  That said, while testing by mistake I ran the dialog as root.  After that I killed it.  Since then when I run the dialog as the normal user again, everything seems to work as expected.

Hope this helps.
Comment 8 Russell Harrison 2013-02-11 14:13:08 EST
(In reply to comment #6)
> I could imagine that this is related to /tmp being tmpfs in F-18 -- I saw
> similar issues in older Fedora versions after kdestroying my credentials
> cache, so maybe krb5-auth-dialog (just?) needs to learn to cope better
> without an existing credentials cache.

You may be onto something here.  The autostart desktop file (/etc/xdg/autostart/krb5-auth-dialog.desktop) lists the command as "krb5-auth-dialog --auto" which from running "krb5-auth-dialog --help" I see that "--auto" means "Only run if an initialized ccache is found". I ran the command without the "--auto" and it started fine and I was able to request and cache a new ticket just fine.

It also could simply be a factor have my not having run kinit since I upgraded to F18.  I'll leave the desktop file alone and see how things are working after the next reboot.
Comment 9 Mick Wahren 2013-02-18 22:15:35 EST
> You may be onto something here.  The autostart desktop file
> (/etc/xdg/autostart/krb5-auth-dialog.desktop) lists the command as
> "krb5-auth-dialog --auto" which from running "krb5-auth-dialog --help" I see
> that "--auto" means "Only run if an initialized ccache is found". I ran the
> command without the "--auto" and it started fine and I was able to request
> and cache a new ticket just fine.

+1 Here. 
Removing the --auto flag from /etc/xdg/autostart/krb5-auth-dialog.desktop starts krb5-auth-dialog. This now drops an icon into my status bar notifying me that my credentials have expired.

The nice behaviour overall would be for sssd to cache my credentials and re-populate the kerberos ccache directory in /var/run/user/..., but this is a nice workaround.

Cheers
Mick
Comment 10 Mike Iglesias 2013-11-07 12:50:39 EST
Removing --auto makes it work in Fedora 19 as well.
Comment 11 Fedora End Of Life 2013-12-21 03:58:15 EST
This message is a reminder that Fedora 18 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 18. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '18'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 18's end of life.

Thank you for reporting this issue and we are sorry that we may not be 
able to fix it before Fedora 18 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior to Fedora 18's end of life.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.
Comment 12 Yaakov Selkowitz 2014-05-16 16:46:22 EDT
Just encountered this as well.  --auto was added to the .desktop file for bug 688302; the reason being, if krb5-auth-dialog is installed, it will autostart upon each login, but if a user doesn't actually use Kerberos, the expired credentials warning is unwanted noise.  Therefore, using --auto avoids the dialog unless a cache already exists at login (e.g. via PAM)

The problem with that is the same .desktop file is installed in both /etc/xdg/autostart and /usr/share/applications (as "Kerberos Authentication" under Internet/Network).  If a user starts this item manually, IMHO the dialog should appear regardless so that the user can retrieve a TGT.  Right now, however, the program does not start unless a ticket already exists (e.g. via PAM, or with kinit on the command line before launching from the menu).

Perhaps the compromise would be to drop krb5-auth-dialog-autostart.patch, and append --auto to the Exec line of *only* the autostart entry with sed, leaving the menu entry alone.
Comment 13 Jan Kurik 2015-07-15 10:59:06 EDT
This bug appears to have been reported against 'rawhide' during the Fedora 23 development cycle.
Changing version to '23'.

(As we did not run this process for some time, it could affect also pre-Fedora 23 development
cycle bugs. We are very sorry. It will help us with cleanup during Fedora 23 End Of Life. Thank you.)

More information and reason for this action is here:
https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora23
Comment 14 Fedora End Of Life 2016-11-24 05:48:34 EST
This message is a reminder that Fedora 23 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 23. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as EOL if it remains open with a Fedora  'version'
of '23'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 23 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Note You need to log in before you can comment on or make changes to this bug.