-auth-server-whitelist remove in favour of prefs, but the pref doesn't seem to work
471 views
Skip to first unread message
Mark Jaroski
Mar 23, 2015, 11:12:05 AM3/23/15
to chromium...@chromium.org
Hi,
According to chrome/common/pref_names.cc this should work, but it doesn't.
I see from this bug report that the command line flags for setting up kerberos authentication have been removed:
But it seems that the cooresponding settings were not added to the settings UI, as the bug report seemed to have called for. At least I can't find them.
I've also tried adding the following in the Preferences file:
According to chrome/common/pref_names.cc this should work, but it doesn't.
Is it possible that the bug was only half fixed, ie. the flag was removed, but the preference wasn't added?
thanks,
-mark
Chris Bentzel
Mar 23, 2015, 11:15:40 AM3/23/15
to uch...@gmail.com, chromium...@chromium.org, net...@chromium.org
--
--
Chromium Discussion mailing list: chromium...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-discuss
Asanka Herath
Mar 23, 2015, 11:50:26 AM3/23/15
to Chris Bentzel, uch...@gmail.com, chromium...@chromium.org, net...@chromium.org
On Mon, Mar 23, 2015 at 11:15 AM Chris Bentzel <cben...@chromium.org> wrote:
On Mon, Mar 23, 2015 at 10:12 AM Mark Jaroski <uch...@gmail.com> wrote:Hi,I see from this bug report that the command line flags for setting up kerberos authentication have been removed:But it seems that the cooresponding settings were not added to the settings UI, as the bug report seemed to have called for. At least I can't find them.I've also tried adding the following in the Preferences file:
According to chrome/common/pref_names.cc this should work, but it doesn't.Is it possible that the bug was only half fixed, ie. the flag was removed, but the preference wasn't added?
The authentication related preferences are read from policy settings, registry and the "Local State" file. The per-profile "Preferences" file isn't used because these settings are per-machine.
There's no settings UI planned for tweaking these settings. The supported method of managing these is to use managed policy (https://support.google.com/chrome/a/answer/187202).
For an individual machine (for debugging and testing purposes), the easiest way to set the AuthServerWhitelist and AuthNegotiateDelegateWhitelist settings is to set the corresponding policy registry keys. They keys are noted in:
--thanks,-mark
--
Chromium Discussion mailing list: chromium...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-discuss
--
You received this message because you are subscribed to the Google Groups "net-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to net-dev+u...@chromium.org.
To post to this group, send email to net...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/net-dev/CAAuiYA9qRUiGRn%3DCSP3OKOpK4qwjGV0UnjDfaSO84G1BGte2iQ%40mail.gmail.com.
Mark Jaroski
Mar 23, 2015, 12:00:18 PM3/23/15
to chromium...@chromium.org, cben...@chromium.org, uch...@gmail.com, net...@chromium.org
On Monday, 23 March 2015 16:50:26 UTC+1, Asanka wrote:
The authentication related preferences are read from policy settings, registry and the "Local State" file. The per-profile "Preferences" file isn't used because these settings are per-machine.
Well, that's sort of reasonable, since I suppose I might have a machine somewhere that I never take to work, but my desktop and laptop are both here with me, so, well....
There's no settings UI planned for tweaking these settings. The supported method of managing these is to use managed policy (https://support.google.com/chrome/a/answer/187202).
Wait, doesn't that effectively make this a feature for paid users only? I'm under the impression that one has to pay to use managed policy, no?
For an individual machine (for debugging and testing purposes), the easiest way to set the AuthServerWhitelist and AuthNegotiateDelegateWhitelist settings is to set the corresponding policy registry keys. They keys are noted in:
I'm running a Linux, so no registry. :)
Kerberos worked fine with -auth-server-whitelist, for what it's worth.
Ryan Sleevi
Mar 23, 2015, 12:11:10 PM3/23/15
to Mark Jaroski, net-dev, Chris Bentzel, chromium...@chromium.org
On Mar 23, 2015 9:00 AM, "Mark Jaroski" <uch...@gmail.com> wrote:
> Wait, doesn't that effectively make this a feature for paid users only? I'm under the impression that one has to pay to use managed policy, no?
No.
Mark Jaroski
Mar 23, 2015, 12:25:42 PM3/23/15
to chromium...@chromium.org, uch...@gmail.com, net...@chromium.org, cben...@chromium.org, rsl...@chromium.org
Brilliant! It works.
Following the article I did this:
sudo mkdir -p /etc/opt/chrome/policies/{managed,recommended}
sudo chmod a+rX /etc/opt
sudo chmod -w /etc/opt/chrome/policies/managed
touch /etc/opt/chrome/policies/managed/test_policy.json
Next I put this in /etc/opt/chrome/policies/managed/test_policy.json
and restarted Chrome.
Thanks!
Chris Bentzel
Mar 23, 2015, 12:33:42 PM3/23/15
to Mark Jaroski, chromium...@chromium.org, net...@chromium.org, rsl...@chromium.org
Thanks for the feedback, Mark. I think it might help to update http://www.chromium.org/developers/design-documents/http-authentication if anyone wants to get to that...
Mark Jaroski
Mar 23, 2015, 12:38:35 PM3/23/15
to Chris Bentzel, chromium...@chromium.org, net...@chromium.org, rsl...@chromium.org
I'd be happy to do it if I had access...
Asanka Herath
Mar 23, 2015, 6:42:07 PM3/23/15
to Mark Jaroski, Chris Bentzel, chromium...@chromium.org, net...@chromium.org, rsl...@chromium.org
I updated the page.
--
You received this message because you are subscribed to the Google Groups "net-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to net-dev+u...@chromium.org.
To post to this group, send email to net...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/net-dev/CAONJMd7O3LNZefsj%3DZne1np9bjvOxd1R%3D4ib4kThQzM2fTodGg%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages