Two parts to this. 1) Enable gssapi to be used in Chrome on Chrome OS only for Chromad 2) Setup the interaction with the authpolicyd sandbox so that Chrome has access to the correct krb5.conf, can read the login TGT and can write a service ticket.
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/60d297aaf1ad0e0cff3c25ce07704b777b33cca8 commit 60d297aaf1ad0e0cff3c25ce07704b777b33cca8 Author: Zentaro Kavanagh <zentaro@google.com> Date: Thu Apr 27 02:46:57 2017 Add a dependency on mit-krb5. On x64, Chrome already depends on mit-krb5 through the chain chrome->authpolicyd->samba->mit-krb5. However, Chrome is going to use Kerberos authentication to support SAML SSO, so we're adding it directly here. BUG= chromium:713709 TEST=emerges Change-Id: Id2deeba35643d7832567200db3d3148283ff05ee Reviewed-on: https://chromium-review.googlesource.com/486250 Commit-Ready: Zentaro Kavanagh <zentaro@google.com> Tested-by: Zentaro Kavanagh <zentaro@google.com> Reviewed-by: Lutz Justen <ljusten@chromium.org> [modify] https://crrev.com/60d297aaf1ad0e0cff3c25ce07704b777b33cca8/chromeos-base/chromeos-chrome/chromeos-chrome-9999.ebuild
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/e03263581463ff17960eef46c3173bb28d9e3b8e commit e03263581463ff17960eef46c3173bb28d9e3b8e Author: zentaro <zentaro@chromium.org> Date: Tue May 09 13:11:51 2017 Enable loading gssapi library for Chromad. This enables building in Kerberos/gssapi support on Chrome OS but only loads the library for Chromad enabled devices. BUG= chromium:713709 R=asanka@chromium.org,rsleevi@chromium.org Review-Url: https://codereview.chromium.org/2826273004 Cr-Commit-Position: refs/heads/master@{#470303} [modify] https://crrev.com/e03263581463ff17960eef46c3173bb28d9e3b8e/chrome/browser/io_thread.cc [modify] https://crrev.com/e03263581463ff17960eef46c3173bb28d9e3b8e/chrome/browser/io_thread.h [modify] https://crrev.com/e03263581463ff17960eef46c3173bb28d9e3b8e/net/features.gni [modify] https://crrev.com/e03263581463ff17960eef46c3173bb28d9e3b8e/net/http/http_auth_handler_factory.cc [modify] https://crrev.com/e03263581463ff17960eef46c3173bb28d9e3b8e/net/http/http_auth_handler_negotiate.cc [modify] https://crrev.com/e03263581463ff17960eef46c3173bb28d9e3b8e/net/http/http_auth_preferences.cc [modify] https://crrev.com/e03263581463ff17960eef46c3173bb28d9e3b8e/net/http/http_auth_preferences.h [modify] https://crrev.com/e03263581463ff17960eef46c3173bb28d9e3b8e/net/http/http_auth_preferences_unittest.cc [modify] https://crrev.com/e03263581463ff17960eef46c3173bb28d9e3b8e/net/http/mock_allow_http_auth_preferences.cc
bulk add component:Enterprise to Chromad bugs
Is this fixed?
Yes.
Comment 1 by bugdroid1@chromium.org
, Apr 27 2017