In order for Kerberos authentication (without a logon prompt)
to work correctly, you must configure a registry key in the client
PC to hold the Kerberos delegation server whitelist for Chrome. This
whitelist is the list of host names of each Niagara station you intend to authenticate to.
- To add the key, first start the Registry Editor (... regedit).
CAUTION: Incorrectly editing the registry
may damage your system. Before making changes to the registry, you
should back up any valued data on your computer. Refer to the Registry
Editor Help for complete details on configuring the registry.
- Expand the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google directories and create a new Key named: “Chrome”.
- Edit the newly created Chrome key to add a new String Value named: “AuthNegotiateDelegateWhitelist”.
- Edit the new string value to configure its Value
data field with a comma separated list (without quotes)
of the host names of each station you would like to authenticate
to.
For example: "host1.domain.com,host2.domain.com".
- Close the registry window.
Google Chrome is now configured for Kerberos authentication.
You should be able to log in to stations without being prompted for
a user name and password.