First, Kerberize your system. Then:
- Open Firefox.
- Go to about:config.
- Filter for
- (Windows only) Filter for
use-sspi, then set
Possibly the same as Safari?
Safari (Mac OS X)
- Open Safari.
- There is no Step 2.
Run Chrome with the
--auth-server-whitelistargument. For example, in Mac OS X:
$ open /Applications/Google\ Chrome.app --args --auth-server-whitelist="*.netbsd.org"
Internet Explorer can use Microsoft's built-in Kerberos. Anyone know how? Some possibly relevant links:
Sadly, it seems MS IE can only use tickets cached inside LSA (Local Security Authority), and this cache is only created upon logon through winlogon service. Which means that a
host/<windows_machine>principal would be needed for each Windows client that wants to cache a TGT. This is only suitable for Intranet-like networks. Maybe there is another way to manage the LSA after login, similar to kinit(1) ... --jym