[Freeipa-devel] Safari and web interface
Rob Crittenden
rcritten at redhat.com
Mon Jul 28 13:31:20 UTC 2008
Simo Sorce wrote:
> On Sat, 2008-07-26 at 20:42 -0400, W. Michael Petullo wrote:
>> I have an iMac running Mac OS X 10.4 that authenticates against a
>> FreeIPA 1.1.0 server. Although the computer otherwise works as a
>> FreeIPA client, I am unable to connect to the FreeIPA web interface
>> using Safari. Firefox connects fine from the same machine. Safari says:
>>
>> "Permission Denied"
>> "You do not have permission to access this page."
>> "Kerberos login failed"
>>
>> The Kerberos server logs this when I use Safari:
>>
>> Jul 26 20:38:28 golem.flyn.org krb5kdc[28682](info): TGS_REQ (7
>> etypes {18 17 16 23 1 3 2}) 192.168.0.102: ISSUE: authtime
>> 1217119078, etypes {rep=18 tkt=18 ses=18}, admin at FLYN.ORG for HTTP/
>> golem.flyn.org at FLYN.ORG
>>
>> The Kerberos server logs this when I use Firefox:
>>
>> Jul 26 20:39:28 golem.flyn.org krb5kdc[28682](info): TGS_REQ (1
>> etypes {18}) 192.168.0.102: ISSUE: authtime 1217119078, etypes
>> {rep=18 tkt=18 ses=18}, admin at FLYN.ORG for krbtgt/FLYN.ORG at FLYN.ORG
>> Jul 26 20:39:29 golem.flyn.org krb5kdc[28682](info): TGS_REQ (7
>> etypes {18 17 16 23 1 3 2}) 192.168.0.10: ISSUE: authtime 1217119078,
>> etypes {rep=18 tkt=18 ses=18}, admin at FLYN.ORG for ldap/
>> golem.flyn.org at FLYN.ORG
>> [...]
>>
>> Is anyone using Safari to configure FreeIPA?
>
> I never tried but from the logs it seems that Safari might not be
> forwarding the user TGT.
>
IIRC Safari was originally based on Konqueror/KHTML.
Currently Konqueror doesn't support delegation (though it does support
GSSAPI). Not sure if this bug is apropos to Safari:
http://bugs.kde.org/show_bug.cgi?id=138414
rob
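
Added example, not part of the original message or of FreeIPA: a Python check over krb5kdc lines in the format quoted above that reports whether a login attempt shows a same-realm krbtgt TGS_REQ, used here as a heuristic for TGT forwarding. The function name, the heuristic and the re-joined sample lines are assumptions made for this example.

```python
import re

# krb5kdc "TGS_REQ ... ISSUE" lines in the format quoted in this thread.
# The list archive rewrites "@" as " at ", so both spellings are accepted.
TGS_RE = re.compile(
    r"TGS_REQ \(\d+ etypes \{[\d ]+\}\) (?P<ip>[\d.]+): ISSUE: .*?, "
    r"(?P<client>\S+?)(?:@| at )(?P<crealm>\S+) for "
    r"(?P<service>\S+?)(?:@| at )(?P<srealm>\S+)"
)

def delegation_evidence(log_lines):
    """Summarise one login attempt: was a forwarded TGT requested, and did
    another host then request service tickets as the same user?"""
    tgt_ips, service_reqs = set(), []
    for line in log_lines:
        m = TGS_RE.search(line)
        if not m:
            continue
        # Heuristic (assumption): a TGS_REQ for krbtgt/REALM in the client's
        # own realm is how a forwarded TGT is obtained; renewals look the same.
        if m["service"] == f"krbtgt/{m['crealm']}":
            tgt_ips.add(m["ip"])
        else:
            service_reqs.append((m["ip"], m["service"]))
    # Service tickets asked for from a host other than the one that fetched
    # the forwarded TGT indicate a server acting with the delegated credential.
    on_behalf = sorted(s for ip, s in service_reqs if tgt_ips and ip not in tgt_ips)
    return {
        "forwarded_tgt_requested": bool(tgt_ips),
        "services": sorted({s for _, s in service_reqs}),
        "requested_on_users_behalf": on_behalf,
    }

# Constructed samples: the log lines quoted above, re-joined onto single
# lines with "@" restored.
PREFIX = "Jul 26 20:38:28 golem.flyn.org krb5kdc[28682](info): "
TAIL = "ISSUE: authtime 1217119078, etypes {rep=18 tkt=18 ses=18}, admin@FLYN.ORG for "
SAFARI = [PREFIX + "TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.0.102: " + TAIL + "HTTP/golem.flyn.org@FLYN.ORG"]
FIREFOX = [
    PREFIX + "TGS_REQ (1 etypes {18}) 192.168.0.102: " + TAIL + "krbtgt/FLYN.ORG@FLYN.ORG",
    PREFIX + "TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.0.10: " + TAIL + "ldap/golem.flyn.org@FLYN.ORG",
]

if __name__ == "__main__":
    for name, lines in (("Safari", SAFARI), ("Firefox", FIREFOX)):
        print(name, delegation_evidence(lines))
```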