Macintosh Safari Browser and IIS with Kerberos
Sam Hartman
hartmans at MIT.EDU
Fri Dec 5 09:42:54 EST 2003
>>>>> "Tim" == Tim Alsop <Tim.Alsop at cybersafe.ltd.uk> writes:
Tim> We now have authentication to IIS working with Max OSX
Tim> 10.3. However, we cannot find a way to get Safari to forward
Tim> credentials to IIS. The initial tgt is forwardable, but it is
Tim> not being forwarded ... I can see that normally a Safari user
Tim> would only want to allow their web server application
Tim> determine their identity and this is clearly working, but our
Tim> needs are beyond that since we want the IIS application to
Tim> use the users credentials to setup a security context with a
Tim> third-tier ... Tim.
Handling authorization for this is non-trivial. You definitely don't
want to give out your TGT to any random web server you contact.
More information about the Kerberos
mailing list