These pages on The NetBSD Foundation's internal Kerberos deployment are being migrated to

First, Kerberize your system. Then:


  1. Open Firefox.
  2. Go to about:config.
  3. Filter for network.negotiate-auth.
  4. Set network.negotiate-auth.trusted-uris (not network.negotiate-auth.delegation-uris) to
  5. (Windows only) Filter for use-sspi, then set network.auth.use-sspi to false.
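One way to check a profile's prefs.js or user.js against the steps above, as an added example that is not part of the original page. The sample preferences and the example.org domain are constructed placeholders, and the rules that a bare scheme entry matches every host and that an unset use-sspi counts as not false are assumptions.

```python
import re

TRUSTED = "network.negotiate-auth.trusted-uris"
DELEGATION = "network.negotiate-auth.delegation-uris"
USE_SSPI = "network.auth.use-sspi"

# One preference per line: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

def parse_prefs(text):
    """Return {name: value} for the user_pref() lines of prefs.js / user.js."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            raw = m.group(2).strip()
            prefs[m.group(1)] = (raw == "true") if raw in ("true", "false") else raw.strip('"')
    return prefs

def audit(prefs, windows=False):
    """List deviations from the steps above; an empty list means none found."""
    findings = []
    trusted = [e.strip() for e in prefs.get(TRUSTED, "").split(",") if e.strip()]
    if not trusted:
        findings.append("trusted-uris is empty")
    for entry in trusted:
        # Assumption: a bare scheme entry matches every host on that scheme.
        if entry in ("http://", "https://"):
            findings.append("trusted-uris entry %s matches every host" % entry)
    # The steps set trusted-uris only; delegation-uris should stay empty.
    if prefs.get(DELEGATION, "").strip():
        findings.append("delegation-uris is set")
    # Step 5: on Windows use-sspi must be false (assumption: unset counts as not false).
    if windows and prefs.get(USE_SSPI, True) is not False:
        findings.append("network.auth.use-sspi is not false")
    return findings

# Constructed sample profiles; example.org is a placeholder domain.
LOOSE = '''
user_pref("browser.startup.page", 3);
user_pref("network.negotiate-auth.trusted-uris", "https://, .example.org");
user_pref("network.negotiate-auth.delegation-uris", ".example.org");
'''
TIGHT = '''
user_pref("network.negotiate-auth.trusted-uris", ".example.org");
user_pref("network.auth.use-sspi", false);
'''

if __name__ == "__main__":
    for name, text in (("LOOSE", LOOSE), ("TIGHT", TIGHT)):
        print(name, audit(parse_prefs(text), windows=True))
```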


Possibly the same as Safari?

Safari (Mac OS X)

  1. Open Safari.
  2. There is no Step 2.

Google Chrome

  1. Run Chrome with the --auth-server-whitelist argument. For example, on Mac OS X:

    $ open /Applications/Google\ --args --auth-server-whitelist="*"

Internet Explorer

Internet Explorer can use Microsoft's built-in Kerberos. Anyone know how? Some possibly relevant links:

Sadly, it seems MS IE can only use tickets cached inside the LSA (Local Security Authority), and this cache is only created upon logon through the winlogon service, which means that a host/<windows_machine> principal would be needed for each Windows client that wants to cache a TGT. This is only suitable for Intranet-like networks. Maybe there is another way to manage the LSA after login, similar to kinit(1)... --jym