[Freeipa-devel] Safari and web interface
Simo Sorce
ssorce at redhat.com
Sun Jul 27 09:30:21 UTC 2008
On Sat, 2008-07-26 at 20:42 -0400, W. Michael Petullo wrote:
> I have an iMac running Mac OS X 10.4 that authenticates against a
> FreeIPA 1.1.0 server. Although the computer otherwise works as a
> FreeIPA client, I am unable to connect to the FreeIPA web interface
> using Safari. Firefox connects fine from the same machine. Safari says:
>
> "Permission Denied"
> "You do not have permission to access this page."
> "Kerberos login failed"
>
> The Kerberos server logs this when I use Safari:
>
> Jul 26 20:38:28 golem.flyn.org krb5kdc[28682](info): TGS_REQ (7
> etypes {18 17 16 23 1 3 2}) 192.168.0.102: ISSUE: authtime
> 1217119078, etypes {rep=18 tkt=18 ses=18}, admin at FLYN.ORG for HTTP/
> golem.flyn.org at FLYN.ORG
>
> The Kerberos server logs this when I use Firefox:
>
> Jul 26 20:39:28 golem.flyn.org krb5kdc[28682](info): TGS_REQ (1
> etypes {18}) 192.168.0.102: ISSUE: authtime 1217119078, etypes
> {rep=18 tkt=18 ses=18}, admin at FLYN.ORG for krbtgt/FLYN.ORG at FLYN.ORG
> Jul 26 20:39:29 golem.flyn.org krb5kdc[28682](info): TGS_REQ (7
> etypes {18 17 16 23 1 3 2}) 192.168.0.10: ISSUE: authtime 1217119078,
> etypes {rep=18 tkt=18 ses=18}, admin at FLYN.ORG for ldap/
> golem.flyn.org at FLYN.ORG
> [...]
>
> Is anyone using Safari to configure FreeIPA?
I never tried but from the logs it seem that Safari might not be
forwarding the user TGT.
Simo.h
More information about the Freeipa-devel
mailing list