Hi, I’m trying to understand the following scenario:
- KDE workstation joined to an AD, user logged in and has a valid Kerberos ticket
- the ticket can be used to access documents on a protected web server
- an application offers drag 'n drop for URLs to that server
- dnd to Dolphin works - the document behind the URL is downloaded by Dolphin (with Kerberos auth) to the local folder
- dnd to plasmashell (“Desktop”) results in an endless activity indicator and no downloaded file.
A colleague has tcpdump’ed the communications between the web server and Dolphin versus Plasmashell. Both try to access the document on the web server and receive a 401 “Negotiate” response. Dolphin, on one hand, will then re-access the web server offering the user’s Kerberos ticket, while plasmashell seems to bail out on this instead.
We’ve seen something similar with a limited version of libcurl, which wasn’t linked against gssapi. Using a properly compiled libcurl in that other case resulted in full functionality / downloads. I’ve found no details if plasmashell might need similar compile-time options or if plasmashell supports libgssapi at all.
Any thoughts on this?
Thanks & regards,
J