|
version 1.6, 2009/11/11 21:26:48
|
version 1.14, 2019/09/02 21:37:56
|
|
Line 1
|
Line 1
|
| First, Kerberize your [[system]]. Then: |
First, Kerberize your [[system]]. Then: |
| |
|
| #### [[!toggle id="firefox" text="Firefox"]] |
## Firefox |
| [[!toggleable id="firefox" text=""" |
|
| 7. Open Firefox. |
7. Open Firefox. |
| 7. Go to [about:config](about:config). |
7. Go to <a><tt>about:config</tt></a>. |
| 7. Filter for `network.negotiate-auth`. |
7. Filter for `network.negotiate-auth`. |
| 7. Set `network.negotiate-auth.trusted-uris` and |
7. Set `network.negotiate-auth.trusted-uris` (_not_ |
| `network.negotiate-auth.delegation-uris` to `netbsd.org`. |
`network.negotiate-auth.delegation-uris`) to `netbsd.org`. |
| 7. **(Windows only)** Filter for `use-sspi`, then set `network.auth.use-sspi` to `false`. |
7. **(Windows only)** Filter for `use-sspi`, then set `network.auth.use-sspi` to `false`. |
| """]] |
|
| |
|
| #### [[!toggle id="konqueror" text="Konqueror"]] |
|
| [[!toggleable id="konqueror" text=""" |
|
| Possibly the same as [[!toggle id="safari" text="Safari"]]? |
|
| """]] |
|
| |
|
| #### [[!toggle id="safari" text="Safari (Mac OS X)"]] |
## Konqueror |
| [[!toggleable id="safari" text=""" |
|
| |
Possibly the same as Safari? |
| |
|
| |
|
| |
## Safari (Mac OS X) |
| |
|
| 7. Open Safari. |
7. Open Safari. |
| 7. There is no Step 2. |
7. There is no Step 2. |
| """]] |
|
| |
|
| #### [[!toggle id="ie" text="Internet Explorer"]] |
|
| [[!toggleable id="ie" text=""" |
## Google Chrome |
| |
|
| |
7. Run Chrome [with the `--auth-server-whitelist` |
| |
argument](http://sites.google.com/a/chromium.org/dev/developers/design-documents/http-authentication). |
| |
For example, in Mac OS X: |
| |
|
| |
$ open /Applications/Google\ Chrome.app --args --auth-server-whitelist="*.netbsd.org" |
| |
|
| |
|
| |
## Internet Explorer |
| |
|
| Internet Explorer can use Microsoft's built-in Kerberos. Anyone know how? Some possibly relevant links: |
Internet Explorer can use Microsoft's built-in Kerberos. Anyone know how? Some possibly relevant links: |
| |
|
| > Sadly, it seems MS IE can only use tickets cached inside LSA (Local Security Authority), and this cache is only created upon logon through winlogon service. Which means that a `host/<windows_machine>` principal would be needed for each Windows client that wants to cache a TGT. This is only suitable for Intranet-like networks. Maybe there is another way to manage the LSA after login, similar to [[!template id=man name=kinit section=1]]... --[[jym]] |
> Sadly, it seems MS IE can only use tickets cached inside LSA (Local Security Authority), and this cache is only created upon logon through winlogon service. Which means that a `host/<windows_machine>` principal would be needed for each Windows client that wants to cache a TGT. This is only suitable for Intranet-like networks. Maybe there is another way to manage the LSA after login, similar to [[!template id=man name=kinit section=1]]... --[[jym]] |
|
Line 31 Internet Explorer can use Microsoft's bu
|
Line 40 Internet Explorer can use Microsoft's bu
|
| * <http://support.microsoft.com/kb/299838> |
* <http://support.microsoft.com/kb/299838> |
| * <http://technet.microsoft.com/en-us/library/cc779070(WS.10).aspx> |
* <http://technet.microsoft.com/en-us/library/cc779070(WS.10).aspx> |
| * <http://www.microsoft.com/downloads/details.aspx?FamilyId=49AE8576-9BB9-4126-9761-BA8011FABF38> |
* <http://www.microsoft.com/downloads/details.aspx?FamilyId=49AE8576-9BB9-4126-9761-BA8011FABF38> |
| """]] |
|
![[BACK]](/icons/back.gif){kind=icon}
Return to web_browser.mdwn CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [NetBSD Developer Wiki] / wikisrc / kerberos