wikisrc/kerberos/web_browser.mdwn - diff

Return to web_browser.mdwn CVS log

Up to [NetBSD Developer Wiki] / wikisrc / kerberos

Diff for /wikisrc/kerberos/web_browser.mdwn between versions 1.8 and 1.9

version 1.8, 2011/07/31 22:29:30	version 1.9, 2013/02/16 11:52:57
Line 1	Line 1
First, Kerberize your [[system]]. Then:	First, Kerberize your [[system]]. Then:

#### [[!toggle id="firefox" text="Firefox"]]	## Firefox
[[!toggleable id="firefox" text="""
7. Open Firefox.	7. Open Firefox.
7. Go to [about:config](about:config).	7. Go to [about:config](about:config).
7. Filter for `network.negotiate-auth`.	7. Filter for `network.negotiate-auth`.
7. Set `network.negotiate-auth.trusted-uris` (_not_	7. Set `network.negotiate-auth.trusted-uris` (_not_
`network.negotiate-auth.delegation-uris`) to `netbsd.org`.	`network.negotiate-auth.delegation-uris`) to `netbsd.org`.
7. (Windows only) Filter for `use-sspi`, then set `network.auth.use-sspi` to `false`.	7. (Windows only) Filter for `use-sspi`, then set `network.auth.use-sspi` to `false`.
"""]]

#### [[!toggle id="konqueror" text="Konqueror"]]
[[!toggleable id="konqueror" text="""	### Konqueror

Possibly the same as [[!toggle id="safari" text="Safari"]]?	Possibly the same as [[!toggle id="safari" text="Safari"]]?
"""]]

#### [[!toggle id="safari" text="Safari (Mac OS X)"]]
[[!toggleable id="safari" text="""	## Safari (Mac OS X)

7. Open Safari.	7. Open Safari.
7. There is no Step 2.	7. There is no Step 2.
"""]]

#### [[!toggle id="chrome" text="Google Chrome"]]
[[!toggleable id="chrome" text="""	## Google Chrome

7. Run Chrome [with the `--auth-server-whitelist`	7. Run Chrome [with the `--auth-server-whitelist`
argument](http://sites.google.com/a/chromium.org/dev/developers/design-documents/http-authentication).	argument](http://sites.google.com/a/chromium.org/dev/developers/design-documents/http-authentication).
For example, in Mac OS X:	For example, in Mac OS X:

$ open /Applications/Google\ Chrome.app --args --auth-server-whitelist="*.netbsd.org"	$ open /Applications/Google\ Chrome.app --args --auth-server-whitelist="*.netbsd.org"
"""]]

#### [[!toggle id="ie" text="Internet Explorer"]]
[[!toggleable id="ie" text="""	## Internet Explorer

Internet Explorer can use Microsoft's built-in Kerberos. Anyone know how? Some possibly relevant links:	Internet Explorer can use Microsoft's built-in Kerberos. Anyone know how? Some possibly relevant links:

> Sadly, it seems MS IE can only use tickets cached inside LSA (Local Security Authority), and this cache is only created upon logon through winlogon service. Which means that a `host/<windows_machine>` principal would be needed for each Windows client that wants to cache a TGT. This is only suitable for Intranet-like networks. Maybe there is another way to manage the LSA after login, similar to [[!template id=man name=kinit section=1]]... --[[jym]]	> Sadly, it seems MS IE can only use tickets cached inside LSA (Local Security Authority), and this cache is only created upon logon through winlogon service. Which means that a `host/<windows_machine>` principal would be needed for each Windows client that wants to cache a TGT. This is only suitable for Intranet-like networks. Maybe there is another way to manage the LSA after login, similar to [[!template id=man name=kinit section=1]]... --[[jym]]
Line 40 Internet Explorer can use Microsoft's bu	Line 40 Internet Explorer can use Microsoft's bu
* <http://support.microsoft.com/kb/299838>	* <http://support.microsoft.com/kb/299838>
* <http://technet.microsoft.com/en-us/library/cc779070(WS.10).aspx>	* <http://technet.microsoft.com/en-us/library/cc779070(WS.10).aspx>
* <http://www.microsoft.com/downloads/details.aspx?FamilyId=49AE8576-9BB9-4126-9761-BA8011FABF38>	* <http://www.microsoft.com/downloads/details.aspx?FamilyId=49AE8576-9BB9-4126-9761-BA8011FABF38>
"""]]

CVSweb for NetBSD wikisrc <wikimaster@NetBSD.org> software: FreeBSD-CVSweb

Removed from v.1.8
changed lines
	Added in v.1.9