These pages on The NetBSD Foundation's internal Kerberos deployment are being migrated to https://www.NetBSD.org/developers/kerberos.html.
First, Kerberize your system. Then:
Firefox
- Open Firefox.
- Go to about:config.
- Filter for
network.negotiate-auth
. - Set
network.negotiate-auth.trusted-uris
(notnetwork.negotiate-auth.delegation-uris
) tonetbsd.org
. - (Windows only) Filter for
use-sspi
, then setnetwork.auth.use-sspi
tofalse
.
Konqueror
Possibly the same as Safari?
Safari (Mac OS X)
- Open Safari.
- There is no Step 2.
Google Chrome
Run Chrome with the
--auth-server-whitelist
argument. For example, in Mac OS X:$ open /Applications/Google\ Chrome.app --args --auth-server-whitelist="*.netbsd.org"
Internet Explorer
Internet Explorer can use Microsoft's built-in Kerberos. Anyone know how? Some possibly relevant links:
Sadly, it seems MS IE can only use tickets cached inside LSA (Local Security Authority), and this cache is only created upon logon through winlogon service. Which means that a
host/<windows_machine>
principal would be needed for each Windows client that wants to cache a TGT. This is only suitable for Intranet-like networks. Maybe there is another way to manage the LSA after login, similar to kinit(1)... --jym
- http://rc.quest.com/topics/mod_auth_vas/howto.php#iexplore
- http://support.microsoft.com/kb/299838
- http://technet.microsoft.com/en-us/library/cc779070(WS.10).aspx
- http://www.microsoft.com/downloads/details.aspx?FamilyId=49AE8576-9BB9-4126-9761-BA8011FABF38