Safari fails GSSAPI authentication when hostname is a CNAME (DNS alias)
Hi,
We heavily use Kerberos as an authentication mechanism for web sites. The Safari users among us discovered that they were unable to use GSSAPI (Kerberos) authentication for URLs that contain a CNAME instead of an A record.
Example:
http://statusmeldungen.uni-paderborn.de contains the hostname statusmeldungen.uni-paderborn.de, which is just a CNAME to haldus.uni-paderborn.de.
So the browser must request the service ticket HTTP/haldus.uni-paderborn.de.
Firefox does this, but Safari tries to fetch HTTP/statusmeldungen.uni-paderborn.de which does not exist, so it fails.
Is this a known bug? Is this going to be fixed some day?
Thanks,
Christopher
Mac OS X (10.6.3)
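
The two behaviours described in the post, as an added example that is not part of the original post: it derives the HTTP service principal with and without CNAME canonicalization and checks it against a KDC principal list. The zone data, the address, the KDC contents and all function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed DNS data mirroring the post: name -> (record type, value).
ZONE = {
    "statusmeldungen.uni-paderborn.de": ("CNAME", "haldus.uni-paderborn.de"),
    "haldus.uni-paderborn.de": ("A", "192.0.2.10"),  # documentation address
}
# Constructed KDC database: only the canonical host has an HTTP principal.
KDC_PRINCIPALS = {"HTTP/haldus.uni-paderborn.de"}


def canonical_name(host, zone=ZONE, max_hops=8):
    """Follow CNAME records until the name that owns the A record."""
    name = host.rstrip(".").lower()
    seen = set()
    while len(seen) < max_hops:
        if name in seen:
            raise ValueError(f"CNAME loop at {name}")
        seen.add(name)
        rtype, value = zone.get(name, (None, None))
        if rtype == "A":
            return name
        if rtype != "CNAME":
            raise LookupError(f"no A or CNAME record for {name}")
        name = value.rstrip(".").lower()
    raise ValueError("CNAME chain too long")


def service_principal(url, canonicalize, zone=ZONE):
    """Build the principal a client would request a ticket for."""
    host = urlsplit(url).hostname
    if host is None:
        raise ValueError(f"no hostname in {url!r}")
    if canonicalize:  # behaviour the post attributes to Firefox
        host = canonical_name(host, zone)
    return "HTTP/" + host  # without it: behaviour attributed to Safari


def ticket_available(url, canonicalize, principals=KDC_PRINCIPALS):
    """True if the KDC knows the principal the client would ask for."""
    return service_principal(url, canonicalize) in principals


if __name__ == "__main__":
    url = "http://statusmeldungen.uni-paderborn.de"
    for mode in (True, False):
        print(mode, service_principal(url, mode), ticket_available(url, mode))
```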