Home / ubuntu / Questions / 61100
Accepted
Bryan
Asked: 2011-09-13 09:09:00 +0800 CST

Use generated Kerberos tickets in Chromium browser

  • 772

Has anyone had luck using Kerberos tickets generated with kinit in Chromium for authenticating to websites?

The company I work for supports Kerberos authentication to internal websites, and I'm able to configure Firefox to use generated Kerberos tickets by configuring network.negotiate-auth.delegation-uris and network.negotiate-auth.trusted-uris but I don't if/how I can do this in Chromium...

chromium

2 Answers

  1. Best Answer

    Authentication options of Chromium are described at http://dev.chromium.org/developers/design-documents/http-authentication

    For Kerberos, you need the command line option --auth-server-whitelist=.example.com

    In Ubuntu, you can add this command line option to the file /etc/chromium-browser/default

    • 10

  2. Create a chrome policy file like below. Please note that Chrome *Whitelist settings have recently changed to *Allowlist.

    cat << HEREDOC | sudo tee /etc/opt/chrome/policies/managed/kerberos.json > /dev/null
{
    "AuthServerAllowlist": "*.yourdomain.com",
    "AuthNegotiateDelegateAllowlist": "*.yourdomain.com"
}
HEREDOC

    (The fancy sudo tee stuff is just to acquire write permission.)

    • 1