--- wikisrc/kerberos/web_browser.mdwn 2009/10/21 01:06:48 1.1 +++ wikisrc/kerberos/web_browser.mdwn 2010/10/27 00:22:51 1.7 @@ -5,7 +5,14 @@ First, Kerberize your [[system]]. Then: 7. Open Firefox. 7. Go to [about:config](about:config). 7. Filter for `network.negotiate-auth`. -7. Set `network.negotiate-auth.trusted-uris` and `network.negotiate-auth.delegation-uris` to `netbsd.org`. +7. Set `network.negotiate-auth.trusted-uris` (_not_ +`network.negotiate-auth.delegation-uris`) to `netbsd.org`. +7. **(Windows only)** Filter for `use-sspi`, then set `network.auth.use-sspi` to `false`. +"""]] + +#### [[!toggle id="konqueror" text="Konqueror"]] +[[!toggleable id="konqueror" text=""" +Possibly the same as [[!toggle id="safari" text="Safari"]]? """]] #### [[!toggle id="safari" text="Safari (Mac OS X)"]] @@ -14,7 +21,19 @@ First, Kerberize your [[system]]. Then: 7. There is no Step 2. """]] +#### [[!toggle id="chrome" text="Google Chrome"]] +[[!toggleable id="chrome" text=""" +[Chromium docs](http://sites.google.com/a/chromium.org/dev/developers/design-documents/http-authentication) +"""]] + #### [[!toggle id="ie" text="Internet Explorer"]] [[!toggleable id="ie" text=""" -Internet Explorer can use Microsoft's built-in Kerberos. Anyone know how? +Internet Explorer can use Microsoft's built-in Kerberos. Anyone know how? Some possibly relevant links: + +> Sadly, it seems MS IE can only use tickets cached inside LSA (Local Security Authority), and this cache is only created upon logon through winlogon service. Which means that a `host/` principal would be needed for each Windows client that wants to cache a TGT. This is only suitable for Intranet-like networks. Maybe there is another way to manage the LSA after login, similar to [[!template id=man name=kinit section=1]]... --[[jym]] + +* +* +* +* """]]