Kerberos on macOS

%3CLINGO-SUB%20id%3D%22lingo-sub-1087646%22%20slang%3D%22en-US%22%3EKerberos%20on%20macOS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1087646%22%20slang%3D%22en-US%22%3E%3CP%3ETesting%20out%20Edge%20v79.0.309.56%20on%20macOS%20Catalina%2010.15.2.%26nbsp%3B%20When%20i%20hit%20a%20page%20that%20uses%20kerberos%20like%20SharePoint%20i%20get%20prompted%20for%20credentials.%26nbsp%3B%20This%20works%20fine%20in%20Safari.%26nbsp%3B%20Am%20i%20missing%20a%20policy%20setting%20to%20get%20this%20working%20silently%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1097441%22%20slang%3D%22en-US%22%3ERe%3A%20Kerberos%20on%20macOS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1097441%22%20slang%3D%22en-US%22%3E%3CP%3EI'd%20also%20like%20to%20figure%20this%20out%2C%20as%20I%20am%20able%20to%20do%20Kerberos%20tickets%20with%20Chrome%20using%20the%20following%20commands%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%20class%3D%22p1%22%3Edefaults%20write%20com.google.Chrome%20AuthServerWhitelist%20%E2%80%9C*.domain.example%E2%80%9D%3C%2FP%3E%3CP%20class%3D%22p1%22%3Edefaults%20write%20com.google.Chrome%20AuthNegotiateDelegateWhitelist%20%E2%80%9C*.domain.example%E2%80%9D%3C%2FP%3E%3CP%20class%3D%22p1%22%3E%26nbsp%3B%3C%2FP%3E%3CP%20class%3D%22p1%22%3EWhat%20is%20the%20equivalent%20for%20Edge%20on%20MacOS%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1099803%22%20slang%3D%22en-US%22%3ERe%3A%20Kerberos%20on%20macOS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1099803%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F505567%22%20target%3D%22_blank%22%3E%40jason411%3C%2FA%3E%26nbsp%3BI%20figured%20it%20out.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%20class%3D%22p1%22%3E%3CSPAN%20class%3D%22s1%22%3Edefaults%20write%20com.microsoft.Edge%20RestoreOnStartup%20-int%201%3C%2FSPAN%3E%3C%2FP%3E%3CP%20class%3D%22p1%22%3E%3CSPAN%20class%3D%22s1%22%3Edefaults%20write%20com.microsoft.Edge%20AuthServerAllowlist%20*.domain.name%3C%2FSPAN%3E%3C%2FP%3E%3CP%20class%3D%22p1%22%3E%26nbsp%3B%3C%2FP%3E%3CP%20class%3D%22p1%22%3E%3CSPAN%20class%3D%22s1%22%3E(*.domain.name%20%3D%20your%20domain%20name.%20so%2C%20like%20if%20you%20were%20contoso%20it%20would%20be%20*.contoso.com)%3C%2FSPAN%3E%3C%2FP%3E%3CP%20class%3D%22p1%22%3E%26nbsp%3B%3C%2FP%3E%3CP%20class%3D%22p1%22%3E%3CSPAN%20class%3D%22s1%22%3ERun%20those%20in%20Terminal%2C%20Kerberos%20auth%20will%20automagically%20start%20working.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2246721%22%20slang%3D%22en-US%22%3ERe%3A%20Kerberos%20on%20macOS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2246721%22%20slang%3D%22en-US%22%3Ehad%20the%20same%20issue%20as%20jason411.%20For%20me%20it%20started%20to%20work%20after%20executing%20kinit%20at%20the%20command-line.%20Not%20sure%20if%20there%20was%20an%20issue%20with%20Kerberos%20SSO.%3C%2FLINGO-BODY%3E
New Contributor

Testing out Edge v79.0.309.56 on macOS Catalina 10.15.2.  When i hit a page that uses kerberos like SharePoint i get prompted for credentials.  This works fine in Safari.  Am i missing a policy setting to get this working silently?

 

Thanks

4 Replies

I'd also like to figure this out, as I am able to do Kerberos tickets with Chrome using the following commands:

 

defaults write com.google.Chrome AuthServerWhitelist “*.domain.example”

defaults write com.google.Chrome AuthNegotiateDelegateWhitelist “*.domain.example”

 

What is the equivalent for Edge on MacOS?

@jason411 I figured it out.

 

defaults write com.microsoft.Edge RestoreOnStartup -int 1

defaults write com.microsoft.Edge AuthServerAllowlist *.domain.name

 

(*.domain.name = your domain name. so, like if you were contoso it would be *.contoso.com)

 

Run those in Terminal, Kerberos auth will automagically start working.

had the same issue as jason411. For me it started to work after adjusting AuthServerAllowlist and executing kinit at the command-line. Not sure if there was an issue with Kerberos SSO.

This worked for me.
Catalina 10.15.7
Edge Version 90.0.818.39 (Official build) (64-bit)