Macintosh Safari Browser and IIS with Kerberos
Tim Alsop
Tim.Alsop at CyberSafe.Ltd.UK
Fri Dec 5 09:41:00 EST 2003
Sam,
I don't understand your comment about authorisation. Can you explain ?
Specially, what is the difference between using a Mac OSX client and a Windows client to access the same IIS server with credential delegation for a specific web application ?
Regards, Tim.
-----Original Message-----
From: Sam Hartman [mailto:hartmans at mit.edu]
Sent: 05 December 2003 14:43
To: Tim Alsop
Cc: swbell; kerberos at mit.edu
Subject: Re: Macintosh Safari Browser and IIS with Kerberos
>>>>> "Tim" == Tim Alsop <Tim.Alsop at cybersafe.ltd.uk> writes:
Tim> We now have authentication to IIS working with Max OSX
Tim> 10.3. However, we cannot find a way to get Safari to forward
Tim> credentials to IIS. The initial tgt is forwardable, but it is
Tim> not being forwarded ... I can see that normally a Safari user
Tim> would only want to allow their web server application
Tim> determine their identity and this is clearly working, but our
Tim> needs are beyond that since we want the IIS application to
Tim> use the users credentials to setup a security context with a
Tim> third-tier ... Tim.
Handling authorization for this is non-trivial. You definitely don't want to give out your TGT to any random web server you contact.
More information about the Kerberos
mailing list