Where to create a kerberos-related policy?

[bocekm]

With the ungoogled-chromium Fedora package https://github.com/ungoogled-software/ungoogled-chromium-fedora I was using a custom policy file /etc/chromium/policies/managed/my_policy.json where I had the following to allow authentication using a kerberos ticket:

{
 "AuthServerAllowlist": "*.domain.com",
}

However because the Fedora package is not maintained anymore, I installed the ungoogled-chromium on my Fedora 35 through your flatpak. Now the policy is not being picked up by the browser.

I tried moving it to the following places but without luck

• /usr/share/chromium/policies/managed/
• /var/lib/flatpak/app/com.github.Eloston.UngoogledChromium/x86_64/stable/2fa22360574cf96c26b20df48b08fb53d0ceded54b385f7913fe5fe13e3c9de7/files/chromium/policies/managed/

Where should I move the json so that it's used? Thanks.

[rany2]

Hello, there are two main methods:

• using something similar to this example: https://github.com/flathub/org.chromium.Chromium/tree/master/examples/policies/google-safe-search
• using ~/.var/app/com.github.Eloston.UngoogledChromium/config/chromium-flags.conf and adding to it:

--auth-server-allowlist=*.domain.com

Personally I find the second method easiest

[bocekm]

It works, thank you!