X2Go Bug report logs - #1546
Feature-request: Customizable kerberos ticket cache location

version graph

Package: x2goclient; Maintainer for x2goclient is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goclient is src:x2goclient.

Reported by: Florian Oppermann <florian.oppermann@itp.uni-hannover.de>

Date: Wed, 12 May 2021 07:20:01 UTC

Severity: normal

Found in version 4.1.2.2

Full log


🔗 View this message in rfc822 format

X-Loop: owner@bugs.x2go.org
Subject: Bug#1546: Feature-request: Customizable kerberos ticket cache location
Reply-To: Florian Oppermann <florian.oppermann@itp.uni-hannover.de>, 1546@bugs.x2go.org
Resent-From: Florian Oppermann <florian.oppermann@itp.uni-hannover.de>
Resent-To: x2go-dev@lists.x2go.org
Resent-CC: X2Go Developers <x2go-dev@lists.x2go.org>
X-Loop: owner@bugs.x2go.org
Resent-Date: Wed, 12 May 2021 07:20:01 +0000
Resent-Message-ID: <handler.1546.B.162080397728136@bugs.x2go.org>
Resent-Sender: owner@bugs.x2go.org
X-X2Go-PR-Message: report 1546
X-X2Go-PR-Package: x2goclient
X-X2Go-PR-Keywords: 
Received: via spool by submit@bugs.x2go.org id=B.162080397728136
          (code B); Wed, 12 May 2021 07:20:01 +0000
Received: (at submit) by bugs.x2go.org; 12 May 2021 07:19:37 +0000
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=0.0 required=3.0 tests=BAYES_40,SPF_HELO_NONE
	autolearn=ham autolearn_force=no version=3.4.2
Received: from mailout2n.rrzn.uni-hannover.de (mailout2n.rrzn.uni-hannover.de [130.75.2.113])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id D61D85DC81
	for <submit@bugs.x2go.org>; Wed, 12 May 2021 09:19:20 +0200 (CEST)
Received: from [130.75.237.103] (ip103.237.mip.uni-hannover.de [130.75.237.103])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by mailout2n.rrzn.uni-hannover.de (Postfix) with ESMTPSA id 639C71F400
	for <submit@bugs.x2go.org>; Wed, 12 May 2021 09:19:20 +0200 (CEST)
To: submit@bugs.x2go.org
From: Florian Oppermann <florian.oppermann@itp.uni-hannover.de>
Message-ID: <c4bd1539-f95f-ef5e-9809-72a6901171be@itp.uni-hannover.de>
Date: Wed, 12 May 2021 09:19:19 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
 Thunderbird/78.10.0
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms070309050305080509040804"
X-Virus-Scanned: clamav-milter 0.102.4 at mailout2n
X-Virus-Status: Clean
[Message part 1 (text/plain, inline)]
Package: x2goclient
Version: 4.1.2.2

Current situation: Authentication via kerberos puts the credential cache 
into $HOME/.x2go/C-$sessionId/krb5cc. In our system this is problematic 
as access to $HOME requires a valid kerberos ticket, i.e. once the 
ticket expires it can’t be renewed from within the X2Go session because 
access to the ticket cache is denied. For normal logins, the krb5cc is 
located at /tmp which prevents this problem. I’d appreciate an option to 
set the location where to put the ticket cache.

I believe the current behaviour comes from src/onmainwindow.cpp:7332 
where the location is more or less hard-coded. My suggestion would be to 
add either a configuration option in the GUI or at least a command line 
switch to change this location. I’m not familiar enough with the code to 
provide a patch but I think it should be not too difficult.

Thanks for all your great work! :-)

[smime.p7s (application/pkcs7-signature, attachment)]

Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Thu Feb 9 02:19:36 2023; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.