--- wikisrc/kerberos/web_browser.mdwn 2009/11/05 01:31:01 1.4 +++ wikisrc/kerberos/web_browser.mdwn 2013/02/16 13:42:32 1.10 @@ -1,31 +1,42 @@ First, Kerberize your [[system]]. Then: -#### [[!toggle id="firefox" text="Firefox"]] -[[!toggleable id="firefox" text=""" +## Firefox + 7. Open Firefox. 7. Go to [about:config](about:config). 7. Filter for `network.negotiate-auth`. -7. Set `network.negotiate-auth.trusted-uris` and -`network.negotiate-auth.delegation-uris` to `netbsd.org`. -"""]] - -#### [[!toggle id="konqueror" text="Konqueror"]] -[[!toggleable id="konqueror" text=""" -Possibly the same as [[!toggle id="safari" text="Safari"]]? -"""]] +7. Set `network.negotiate-auth.trusted-uris` (_not_ +`network.negotiate-auth.delegation-uris`) to `netbsd.org`. +7. **(Windows only)** Filter for `use-sspi`, then set `network.auth.use-sspi` to `false`. + + +## Konqueror + +Possibly the same as Safari? + + +## Safari (Mac OS X) -#### [[!toggle id="safari" text="Safari (Mac OS X)"]] -[[!toggleable id="safari" text=""" 7. Open Safari. 7. There is no Step 2. -"""]] -#### [[!toggle id="ie" text="Internet Explorer"]] -[[!toggleable id="ie" text=""" + +## Google Chrome + +7. Run Chrome [with the `--auth-server-whitelist` + argument](http://sites.google.com/a/chromium.org/dev/developers/design-documents/http-authentication). + For example, in Mac OS X: + + $ open /Applications/Google\ Chrome.app --args --auth-server-whitelist="*.netbsd.org" + + +## Internet Explorer + Internet Explorer can use Microsoft's built-in Kerberos. Anyone know how? Some possibly relevant links: +> Sadly, it seems MS IE can only use tickets cached inside LSA (Local Security Authority), and this cache is only created upon logon through winlogon service. Which means that a `host/` principal would be needed for each Windows client that wants to cache a TGT. This is only suitable for Intranet-like networks. Maybe there is another way to manage the LSA after login, similar to [[!template id=man name=kinit section=1]]... --[[jym]] + * * * * -"""]]