Diff for /wikisrc/kerberos/web_browser.mdwn between versions 1.8 and 1.11

version 1.8, 2011/07/31 22:29:30 version 1.11, 2019/09/02 21:28:13
Line 1 Line 1
 First, Kerberize your [[system]]. Then:  First, Kerberize your [[system]]. Then:
   
 #### [[!toggle id="firefox" text="Firefox"]]  ## Firefox
 [[!toggleable id="firefox" text="""  
 7. Open Firefox.  7. Open Firefox.
 7. Go to [about:config](about:config).  7. Go to <about:config>.
 7. Filter for `network.negotiate-auth`.  7. Filter for `network.negotiate-auth`.
 7. Set `network.negotiate-auth.trusted-uris` (_not_  7. Set `network.negotiate-auth.trusted-uris` (_not_
 `network.negotiate-auth.delegation-uris`) to `netbsd.org`.  `network.negotiate-auth.delegation-uris`) to `netbsd.org`.
 7. **(Windows only)** Filter for `use-sspi`, then set `network.auth.use-sspi` to `false`.  7. **(Windows only)** Filter for `use-sspi`, then set `network.auth.use-sspi` to `false`.
 """]]  
   
 #### [[!toggle id="konqueror" text="Konqueror"]]  
 [[!toggleable id="konqueror" text="""  
 Possibly the same as [[!toggle id="safari" text="Safari"]]?  
 """]]  
   
 #### [[!toggle id="safari" text="Safari (Mac OS X)"]]  ## Konqueror
 [[!toggleable id="safari" text="""  
   Possibly the same as Safari?
   
   
   ## Safari (Mac OS X)
   
 7. Open Safari.  7. Open Safari.
 7. There is no Step 2.  7. There is no Step 2.
 """]]  
   
 #### [[!toggle id="chrome" text="Google Chrome"]]  
 [[!toggleable id="chrome" text="""  ## Google Chrome
   
 7. Run Chrome [with the `--auth-server-whitelist`  7. Run Chrome [with the `--auth-server-whitelist`
    argument](http://sites.google.com/a/chromium.org/dev/developers/design-documents/http-authentication).     argument](http://sites.google.com/a/chromium.org/dev/developers/design-documents/http-authentication).
    For example, in Mac OS X:     For example, in Mac OS X:
   
     $ open /Applications/Google\ Chrome.app --args --auth-server-whitelist="*.netbsd.org"      $ open /Applications/Google\ Chrome.app --args --auth-server-whitelist="*.netbsd.org"
 """]]  
   
 #### [[!toggle id="ie" text="Internet Explorer"]]  
 [[!toggleable id="ie" text="""  ## Internet Explorer
   
 Internet Explorer can use Microsoft's built-in Kerberos. Anyone know how? Some possibly relevant links:  Internet Explorer can use Microsoft's built-in Kerberos. Anyone know how? Some possibly relevant links:
   
 > Sadly, it seems MS IE can only use tickets cached inside LSA (Local Security Authority), and this cache is only created upon logon through winlogon service. Which means that a `host/<windows_machine>` principal would be needed for each Windows client that wants to cache a TGT. This is only suitable for Intranet-like networks. Maybe there is another way to manage the LSA after login, similar to [[!template id=man name=kinit section=1]]... --[[jym]]  > Sadly, it seems MS IE can only use tickets cached inside LSA (Local Security Authority), and this cache is only created upon logon through winlogon service. Which means that a `host/<windows_machine>` principal would be needed for each Windows client that wants to cache a TGT. This is only suitable for Intranet-like networks. Maybe there is another way to manage the LSA after login, similar to [[!template id=man name=kinit section=1]]... --[[jym]]
Line 40  Internet Explorer can use Microsoft's bu Line 40  Internet Explorer can use Microsoft's bu
 * <http://support.microsoft.com/kb/299838>  * <http://support.microsoft.com/kb/299838>
 * <http://technet.microsoft.com/en-us/library/cc779070(WS.10).aspx>  * <http://technet.microsoft.com/en-us/library/cc779070(WS.10).aspx>
 * <http://www.microsoft.com/downloads/details.aspx?FamilyId=49AE8576-9BB9-4126-9761-BA8011FABF38>  * <http://www.microsoft.com/downloads/details.aspx?FamilyId=49AE8576-9BB9-4126-9761-BA8011FABF38>
 """]]  

Removed from v.1.8  
changed lines
  Added in v.1.11


CVSweb for NetBSD wikisrc <wikimaster@NetBSD.org> software: FreeBSD-CVSweb