Google Chrome on Mac OS X with Kerberos

With MacOS 10.11 (El Capitan) (maybe even 10.10 not sure about this) you run the following commands in your Terminal:

$ defaults write com.google.Chrome AuthServerWhitelist "*.example.com"
$ defaults write com.google.Chrome AuthNegotiateDelegateWhitelist "*.example.com" 

Then you restart (if it is running) Google Chrome and et voila it should accept the Kerberos ticket on your system.

This should persist updates.


Chrome's Kerberos website whitelist can be configured system-wide using policies. See Mac Quick Start, then configure AuthServerWhitelist in the policy.


Indeed it is, you have to white list the Websites you like through a command line argument.

/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --auth-server-whitelist="example.com"

You can use asterisk to include sub domains: "*example.com".

As this is cumbersome to do every day, you can move the executable to Google Chrome0 and afterwards put this script at the place of Google Chrome (don't forget to chmod +x Google\ Chrome):

#!/bin/sh$
ABSPATH=$(cd "$(dirname "$0")"; pwd)$
"$ABSPATH/Google Chrome0" --auth-server-whitelist="*example.com"

This will most probably be overwritten if you update Chrome.