search

fedora-silverblue / issue-tracker

Fedora Silverblue issue tracker
https://fedoraproject.org/atomic-desktops/silverblue/
124 stars 3 forks source link

Issues with Online Accounts and keyring #601

Open alexsaezm opened 3 days ago

alexsaezm commented 3 days ago

Describe the bug Both 40 and 41 lacks kerberos tools to allow the login into kerberos realms. Also, in 41 the keyring might be doing something odd as Online Accounts cannot store the information and kinit/klist/kdestroy fails with:

klist: Connection refused while resolving ccache

Also, VSCode seems to also have problems with tokens. This might not be related as other applications seem to work like Slack.

To Reproduce

  1. Install Fedora Silverblue 41
  2. Try to log into a Fedora account using Online Accounts or kinit. Or any other kerberos account.

Expected behavior Fedora Workstation works.

Screenshots Screenshot From 2024-09-24 16-27-49

OS version:

$ rpm-ostree status -b
State: idle
BootedDeployment:
● fedora:fedora/41/x86_64/silverblue
                  Version: 41.20240924.n.0 (2024-09-24T08:11:28Z)
               BaseCommit: fa1371df1ba32a0b7fd30e7dc4918c7c232e721680894e14135e564789db6cee
             GPGSignature: Valid signature by 466CF2D8B60BC3057AA9453ED0622462E99D6AD1
          LayeredPackages: fedora-packager-kerberos gnome-boxes krb5-workstation
            LocalPackages: 1password-8.10.44-1.x86_64 redhat-internal-cert-install-0.1-29.el7.noarch redhat-internal-NetworkManager-openvpn-profiles-0.1-62.el8.noarch slack-4.39.95-0.1.el8.x86_64

Additional context Forum link: https://discussion.fedoraproject.org/t/fedora-41-impossible-to-log-with-fedora-project-account/131632/14 GNOME Issue: https://gitlab.gnome.org/GNOME/gnome-online-accounts/-/issues/370

andyholmes commented 2 days ago

Additional error text for context:

(process:7420): libgoaidentity-DEBUG: 13:45:49.816: GoaIdentityService: asking to sign in
(process:7420): libgoaidentity-DEBUG: 13:45:49.817: GoaKerberosIdentityManager: signing in identity andyholmes@FEDORAPROJECT.ORG
(process:7420): libgoaidentity-DEBUG: 13:45:49.817: GoaKerberosIdentityManager: don't know if credential cache type (null) supports cache collections, assuming yes
(process:7420): libgoaidentity-DEBUG: 13:45:49.817: GoaKerberosIdentityManager:         Error creating new cache for identity credentials: Connection refused
(process:7420): libgoaidentity-DEBUG: 13:45:49.818: GoaKerberosIdentityManager: Waiting for next operation
(process:7420): libgoaidentity-DEBUG: 13:45:49.818: GoaIdentityService: could not sign in identity: Could not create credential cache for identity

The (null) credential cache type is probably the notable thing here.