You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Safari fails GSSAPI authentication when hostname is a CNAME (DNS alias)

Hi,

we heavily use kerberos as authentication mechanism for web sites. The Safari users among us discovered that they were unable to use GSSAPI (Kerberos) authentication for URLs that contain a CNAME instead of an A-record.

Example:

+ http://statusmeldungen.uni-paderborn.de+ contains the hostname statusmeldungen.uni-paderborn.de which is just a CNAME to haldus.uni-paderborn.de.

So the browser must request the service ticket HTTP/haldus.uni-paderborn.de

Firefox does this, but Safari tries to fetch HTTP/statusmeldungen.uni-paderborn.de which does not exist, so it fails.

Is this a known bug? Is this going to be fixed some day?

Thanks,

Christopher

Mac OS X (10.6.3)

Posted on Apr 28, 2010 4:43 AM

Reply

There are no replies.

Safari fails GSSAPI authentication when hostname is a CNAME (DNS alias)

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.