File:  [NetBSD Developer Wiki] / wikisrc / kerberos / web_browser.mdwn
Revision 1.12: download - view: text, annotated - select for diffs
Mon Sep 2 21:32:34 2019 UTC (4 years, 3 months ago) by cnst
Branches: MAIN
CVS tags: HEAD
kerberos/web_browser: let us try [[about:config]] in place of <about:config> (originally, [about:config](about:config) resulted in <a>about:config</a>, now it renders as <about:config>)

First, Kerberize your [[system]]. Then:

## Firefox

7. Open Firefox.
7. Go to [[about:config]].
7. Filter for `network.negotiate-auth`.
7. Set `network.negotiate-auth.trusted-uris` (_not_
`network.negotiate-auth.delegation-uris`) to ``.
7. **(Windows only)** Filter for `use-sspi`, then set `network.auth.use-sspi` to `false`.

## Konqueror

Possibly the same as Safari?

## Safari (Mac OS X)

7. Open Safari.
7. There is no Step 2.

## Google Chrome

7. Run Chrome [with the `--auth-server-whitelist`
   For example, in Mac OS X:

    $ open /Applications/Google\ --args --auth-server-whitelist="*"

## Internet Explorer

Internet Explorer can use Microsoft's built-in Kerberos. Anyone know how? Some possibly relevant links:

> Sadly, it seems MS IE can only use tickets cached inside LSA (Local Security Authority), and this cache is only created upon logon through winlogon service. Which means that a `host/<windows_machine>` principal would be needed for each Windows client that wants to cache a TGT. This is only suitable for Intranet-like networks. Maybe there is another way to manage the LSA after login, similar to [[!template id=man name=kinit section=1]]... --[[jym]]

* <>
* <>
* <>
* <>

CVSweb for NetBSD wikisrc <> software: FreeBSD-CVSweb