caption: Use KDC policy to delegate credentials.
default: false
desc: |-
Setting the policy to Enabled means HTTP authentication respects approval by KDC policy. In other words, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> delegates user credentials to the service being accessed if the KDC sets <ph name="OK_AS_DELEGATE">OK-AS-DELEGATE</ph> on the service ticket. See RFC 5896 ( https://tools.ietf.org/html/rfc5896.html ). The service should also be allowed by <ph name="AUTH_NEGOTIATE_DELEGATE_ALLOWLIST_POLICY_NAME">AuthNegotiateDelegateAllowlist</ph>.
Setting the policy to Disabled or leaving it unset means KDC policy is ignored on supported platforms and only <ph name="AUTH_NEGOTIATE_DELEGATE_ALLOWLIST_POLICY_NAME">AuthNegotiateDelegateAllowlist</ph> is respected.
On <ph name="MS_WIN_NAME">Microsoft® Windows®</ph>, KDC policy is always respected.
example_value: true
features:
dynamic_refresh: true
per_profile: false
items:
- caption: Use KDC policy approval during HTTP authentication
value: true
- caption: Ignore KDC policy approval during HTTP authentication
value: false
owners:
- file://components/policy/OWNERS
- [email protected]
schema:
type: boolean
supported_on:
- chrome.linux:74-
- chrome.mac:74-
- chrome_os:74-
tags:
- website-sharing
type: main