*These pages on The NetBSD Foundation's internal Kerberos deployment are being migrated to <https://www.NetBSD.org/developers/kerberos.html>.*

First, Kerberize your [[system]]. Then:

## Firefox

7. Open Firefox.
7. Go to <a><tt>about:config</tt></a>.
7. Filter for `network.negotiate-auth`.
7. Set `network.negotiate-auth.trusted-uris` (_not_
`network.negotiate-auth.delegation-uris`) to `netbsd.org`.
7. **(Windows only)** Filter for `use-sspi`, then set `network.auth.use-sspi` to `false`.


## Konqueror

Possibly the same as Safari?


## Safari (Mac OS X)

7. Open Safari.
7. There is no Step 2.


## Google Chrome

7. Run Chrome [with the `--auth-server-whitelist`
   argument](http://sites.google.com/a/chromium.org/dev/developers/design-documents/http-authentication).
   For example, in Mac OS X:

    $ open /Applications/Google\ Chrome.app --args --auth-server-whitelist="*.netbsd.org"


## Internet Explorer

Internet Explorer can use Microsoft's built-in Kerberos. Anyone know how? Some possibly relevant links:

> Sadly, it seems MS IE can only use tickets cached inside LSA (Local Security Authority), and this cache is only created upon logon through winlogon service. Which means that a `host/<windows_machine>` principal would be needed for each Windows client that wants to cache a TGT. This is only suitable for Intranet-like networks. Maybe there is another way to manage the LSA after login, similar to [[!template id=man name=kinit section=1]]... --[[jym]]

* <http://rc.quest.com/topics/mod_auth_vas/howto.php#iexplore>
* <http://support.microsoft.com/kb/299838>
* <http://technet.microsoft.com/en-us/library/cc779070(WS.10).aspx>
* <http://www.microsoft.com/downloads/details.aspx?FamilyId=49AE8576-9BB9-4126-9761-BA8011FABF38>