Return to web_browser.mdwn CVS log

Up to [NetBSD Developer Wiki] / wikisrc / kerberos

Annotation of wikisrc/kerberos/web_browser.mdwn, revision 1.6

1.1       schmonz     1: First, Kerberize your [[system]]. Then:
                      2: 
                      3: #### [[!toggle id="firefox" text="Firefox"]]
                      4: [[!toggleable id="firefox" text="""
                      5: 7. Open Firefox.
                      6: 7. Go to [about:config](about:config).
                      7: 7. Filter for `network.negotiate-auth`.
1.2       schmonz     8: 7. Set `network.negotiate-auth.trusted-uris` and
                      9: `network.negotiate-auth.delegation-uris` to `netbsd.org`.
1.5       wiki       10: 7. **(Windows only)** Filter for `use-sspi`, then set `network.auth.use-sspi` to `false`.
1.1       schmonz    11: """]]
                     12: 
1.3       wiki       13: #### [[!toggle id="konqueror" text="Konqueror"]]
                     14: [[!toggleable id="konqueror" text="""
                     15: Possibly the same as [[!toggle id="safari" text="Safari"]]?
                     16: """]]
                     17: 
1.1       schmonz    18: #### [[!toggle id="safari" text="Safari (Mac OS X)"]]
                     19: [[!toggleable id="safari" text="""
                     20: 7. Open Safari.
                     21: 7. There is no Step 2.
                     22: """]]
                     23: 
                     24: #### [[!toggle id="ie" text="Internet Explorer"]]
                     25: [[!toggleable id="ie" text="""
1.3       wiki       26: Internet Explorer can use Microsoft's built-in Kerberos. Anyone know how? Some possibly relevant links:
                     27: 
1.6     ! wiki       28: > Sadly, it seems MS IE can only use tickets cached inside LSA (Local Security Authority), and this cache is only created upon logon through winlogon service. Which means that a `host/<windows_machine>` principal would be needed for each Windows client that wants to cache a TGT. This is only suitable for Intranet-like networks. Maybe there is another way to manage the LSA after login, similar to [[!template id=man name=kinit section=1]]... --[[jym]]
        !            29: 
1.3       wiki       30: * <http://rc.quest.com/topics/mod_auth_vas/howto.php#iexplore>
                     31: * <http://support.microsoft.com/kb/299838>
                     32: * <http://technet.microsoft.com/en-us/library/cc779070(WS.10).aspx>
1.4       wiki       33: * <http://www.microsoft.com/downloads/details.aspx?FamilyId=49AE8576-9BB9-4126-9761-BA8011FABF38>
1.1       schmonz    34: """]]