wikisrc/kerberos/web_browser.mdwn - annotate

Return to web_browser.mdwn CVS log
Up to [NetBSD Developer Wiki] / wikisrc / kerberos
Annotation of wikisrc/kerberos/web_browser.mdwn, revision 1.11

1.1       schmonz     1: First, Kerberize your [[system]]. Then:
                      2: 
1.9       wiki        3: ## Firefox
                      4: 
1.1       schmonz     5: 7. Open Firefox.
1.11    ! cnst        6: 7. Go to <about:config>.
1.1       schmonz     7: 7. Filter for `network.negotiate-auth`.
1.7       schmonz     8: 7. Set `network.negotiate-auth.trusted-uris` (_not_
                      9: `network.negotiate-auth.delegation-uris`) to `netbsd.org`.
1.5       wiki       10: 7. **(Windows only)** Filter for `use-sspi`, then set `network.auth.use-sspi` to `false`.
1.1       schmonz    11: 
1.9       wiki       12: 
1.10      schmonz    13: ## Konqueror
1.9       wiki       14: 
1.10      schmonz    15: Possibly the same as Safari?
1.3       wiki       16: 
1.9       wiki       17: 
                     18: ## Safari (Mac OS X)
                     19: 
1.1       schmonz    20: 7. Open Safari.
                     21: 7. There is no Step 2.
                     22: 
1.9       wiki       23: 
                     24: ## Google Chrome
                     25: 
1.8       schmonz    26: 7. Run Chrome [with the `--auth-server-whitelist`
                     27:    argument](http://sites.google.com/a/chromium.org/dev/developers/design-documents/http-authentication).
                     28:    For example, in Mac OS X:
                     29: 
                     30:     $ open /Applications/Google\ Chrome.app --args --auth-server-whitelist="*.netbsd.org"
1.7       schmonz    31: 
1.9       wiki       32: 
                     33: ## Internet Explorer
                     34: 
1.3       wiki       35: Internet Explorer can use Microsoft's built-in Kerberos. Anyone know how? Some possibly relevant links:
                     36: 
1.6       wiki       37: > Sadly, it seems MS IE can only use tickets cached inside LSA (Local Security Authority), and this cache is only created upon logon through winlogon service. Which means that a `host/<windows_machine>` principal would be needed for each Windows client that wants to cache a TGT. This is only suitable for Intranet-like networks. Maybe there is another way to manage the LSA after login, similar to [[!template id=man name=kinit section=1]]... --[[jym]]
                     38: 
1.3       wiki       39: * <http://rc.quest.com/topics/mod_auth_vas/howto.php#iexplore>
                     40: * <http://support.microsoft.com/kb/299838>
                     41: * <http://technet.microsoft.com/en-us/library/cc779070(WS.10).aspx>
1.4       wiki       42: * <http://www.microsoft.com/downloads/details.aspx?FamilyId=49AE8576-9BB9-4126-9761-BA8011FABF38>
CVSweb for NetBSD wikisrc <wikimaster@NetBSD.org> software: FreeBSD-CVSweb