Macintosh Safari Browser and IIS with Kerberos

Tim Alsop Tim.Alsop at CyberSafe.Ltd.UK
Fri Dec 5 09:41:00 EST 2003


Sam,

I don't understand your comment about authorisation. Can you explain ?

Specially, what is the difference between using a Mac OSX client and a Windows client to access the same IIS server with credential delegation for a specific web application ?

Regards, Tim. 

-----Original Message-----
From: Sam Hartman [mailto:hartmans at mit.edu] 
Sent: 05 December 2003 14:43
To: Tim Alsop
Cc: swbell; kerberos at mit.edu
Subject: Re: Macintosh Safari Browser and IIS with Kerberos

>>>>> "Tim" == Tim Alsop <Tim.Alsop at cybersafe.ltd.uk> writes:

    Tim> We now have authentication to IIS working with Max OSX
    Tim> 10.3. However, we cannot find a way to get Safari to forward
    Tim> credentials to IIS. The initial tgt is forwardable, but it is
    Tim> not being forwarded ... I can see that normally a Safari user
    Tim> would only want to allow their web server application
    Tim> determine their identity and this is clearly working, but our
    Tim> needs are beyond that since we want the IIS application to
    Tim> use the users credentials to setup a security context with a
    Tim> third-tier ...  Tim.

Handling authorization for this is non-trivial.  You definitely don't want to give out your TGT to any random web server you contact.


More information about the Kerberos mailing list