On 16.10.19 08:46, Stephan Bergmann wrote:
On 14/10/2019 13:33, Lionel Élie Mamane wrote:
On Mon, Oct 14, 2019 at 11:05:32AM +0200, Stephan Bergmann wrote:
The only use of WITH_KRB5 and WITH_GSSAPI in LO appears to be the
PostgreSQL
support (see connectivity/Library_postgresql-sdbc-impl.mk and
external/postgresql/ExternalProject_postgresql.mk). Is there some
documentation how to test whether the use of krb5 and gssapi in the
PostgreSQL support actually works?
Try to connect to a PostgreSQL support with GSSAPI and Kerberos?
For the record: Found a PostgreSQL server inside RH that I could access
with my RH Kerberos credentials. What I tested was "File - New -
Database", then on the wizard's first "Select database" page "Connect to
an existing database: PostgreSQL", on the second "Connection settings"
page specify "host=... port=5433 dbname=public sslmode=require", and on
the third "Set up user authentication" page leave everything blank and
click "Test Connection". This worked with a local Linux LO build,
announcing a successful test of the connection.
For both the current LO 6.3.2 Flathub build against
org.freedesktop.Sdk//18.08 (where krb5 is included in the runtime), as
well as for a local LO 6.3.2 Flatpak build of
<https://github.com/flathub/org.libreoffice.LibreOffice/pull/104>
"Freedesktop19.08" (against org.freedesktop.Sdk//19.08, where krb5 is no
longer included in the runtime, but where I bundle it with LO), it
worked as follows:
The test failed to access my Kerberos ticket from outside the Flatpak
sandbox (the connection test reporting an error ending in "GSSAPI
continuation error: No Kerberos credentials available (default cache:
FILE:/tmp/krb5cc_1000)"). But it worked when I explicitly obtained a
ticket inside the sandbox first (`flatpak run --command=bash
org.libreoffice.LibreOffice`, then in the sandbox `kinit ... &&
/app/libreoffice/program/soffice`).
guess FILE and DIR credential cache won't work out of the box, err i
mean inside the (sand-)box, but there's another one the KEYRING which
stores it in the Linux kernel - i wonder if that is available inside the
sandbox? might be a question for people who actually know something
about kerberos :)
https://web.mit.edu/kerberos/krb5-1.12/doc/basic/ccache_def.html
on the other hand it's a very obscure feature probably, maybe not worth
investing any effort in it...
Context
Privacy Policy |
Impressum (Legal Info) |
Copyright information: Unless otherwise specified, all text and images
on this website are licensed under the
Creative Commons Attribution-Share Alike 3.0 License.
This does not include the source code of LibreOffice, which is
licensed under the Mozilla Public License (
MPLv2).
"LibreOffice" and "The Document Foundation" are
registered trademarks of their corresponding registered owners or are
in actual use as trademarks in one or more countries. Their respective
logos and icons are also subject to international copyright laws. Use
thereof is explained in our
trademark policy.