Bug 593569 – Does not support GSSAPI/Kerberos authentication

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 593569 - Does not support GSSAPI/Kerberos authentication


Summary:	Does not support GSSAPI/Kerberos authentication


Status:	RESOLVED OBSOLETE

Product:	epiphany
Classification:	Core
Component:	Backend
Version:	2.27.x
Hardware:	Other Linux

Importance:	Normal enhancement
Target Milestone:	---
Assigned To:	Epiphany Maintainers
QA Contact:	Epiphany Maintainers

URL:
Whiteboard:

Duplicates:	611326 (view as bug list)
Depends on:	587145
Blocks:

Reported:	2009-08-30 16:20 UTC by Guido Günther
Modified:	2018-08-03 19:24 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Guido Günther 2009-08-30 16:20:54 UTC

Steps to reproduce:

* connect to a site that requires Kerberos for authentication (e.g. using apache's mod-auth-kerb module)
* A password dialog appears

Exptected behaviour:

* if the user has a valid TGT he's not being prompted for a password but a service ticket is acquiered from the KDC and the user can connect to the site

This works with epiphany-gecko.

Comment 1 Guillaume Majbe 2010-08-25 07:21:59 UTC

This lack of feature is still annoying.

It would be great if someone could handle it.

Comment 2 Dan Winship 2010-08-25 13:38:27 UTC

some progress has been made on the libsoup side. There will also need to be some sort of configuration on the epiphany side, as mentioned briefly in bug 587145 comment 17.

Comment 3 James Cape 2014-04-30 23:59:59 UTC

*** Bug 611326 has been marked as a duplicate of this bug. ***

Comment 4 Michael Catanzaro 2015-09-24 18:22:12 UTC

Still an issue?

Comment 5 Dan Winship 2015-09-24 18:37:31 UTC

Yes, although I think some Red Hat people might be looking at this soon.

Comment 6 Michael Catanzaro 2016-02-28 16:57:08 UTC

(In reply to Dan Winship from comment #2)
> some progress has been made on the libsoup side. There will also need to be
> some sort of configuration on the epiphany side, as mentioned briefly in bug
> 587145 comment 17.

TBH I don't understand the comment, what sort of configuration are we talking about? A preferences dialog? Would this be handled by g-o-a instead nowadays?

Comment 7 Dan Winship 2016-02-28 21:39:44 UTC

(In reply to Michael Catanzaro from comment #6)
> TBH I don't understand the comment, what sort of configuration are we
> talking about? A preferences dialog? Would this be handled by g-o-a instead
> nowadays?

You need to be able to say "if *.redhat.com requests Negotiate auth, then send my REDHAT.COM kerberos tickets there, but if other sites request it then don't". Or something. There's ongoing discussion about exactly what's needed. But anyway, yes, it sounds like it might end up in g-o-a.

Comment 8 Nathaniel McCallum 2016-04-21 16:33:51 UTC

Dan, please don't require configuration. Please just do Negotiate automatically if the site is doing valid HTTPS.

Comment 9 GNOME Infrastructure Team 2018-08-03 19:24:34 UTC

-- GitLab Migration Automatic Message --

This bug has been migrated to GNOME's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.gnome.org/GNOME/epiphany/issues/131.