Google Chrome with Active Directory Kerberos on Mac OS
Lately at work we’ve been converting almost everything to use Kerberos authentication. This allows machines that are logged into our Active Directory domain to automatically login to various web resources. This seems to work fine on Mac OS with Safari with zero config. Firefox takes a config change but Google Chrome has been a huge problem child. Luckily this has been fixed in recent versions of Chrome to allow us to set the settings via “defaults write”. There was a shoddy hack being described some time ago that you could load up Workgroup Manager and set the Chrome policy there, but the problem is that you can’t use Workgroup Manager if your Mac is in an Active Directory domain. So to make this work, open a Terminal window and toss this at it:
defaults write com.google.Chrome AuthServerWhitelist “*.domain.com”
defaults write com.google.Chrome AuthNegotiateDelegateWhitelist “*.domain.com”
Replace domain.com with whatever domain you need. You can specify multiple domains separated with commas.