Kerberizing Chrome - Managed Preferences

Bump! How's that for reviving a dead thread. We just pushed this at work. On current versions of Chrome:

defaults write com.google.Chrome AuthServerWhitelist "yourdomain.com"

Here's the script I wrote to push it to Chrome and FF users: http://jeffstrauss.com/?p=1689

Bumping this because the link is dead.

@Matt http://pastebin.com/jFU78WvM

SMH! Sites blocked.

Ill check it out when I get home.

Managing Chrome is a nightmare.

@Matt

#!/bin/sh

# Add trusted realms to Chrome and Firefox configs
# 2013-09-03 @jestr
#
### REPLACE "yourRealm" with your realm! ###
#
currentUser=`ls -l /dev/console | awk {' print $3 '}`
prefExists=`cat /Users/$currentUser/Library/Application Support/Firefox/Profiles/*.default/prefs.js | grep "network.negotiate"`
twPrefExists=`cat /Users/$currentUser/Library/Application Support/Firefox/Profiles/*.default/prefs.js | grep "network.negotiate" | grep "yourRealm"`
isFirefoxRunning=`ps ax | grep "Firefox" | grep -v "+"`
# Add realm to Chrome
if [ ! -f /Users/"$currentUser"/Library/Preferences/com.google.Chrome.plist ]; then
  touch /Users/"$currentUser"/Library/Preferences/com.google.Chrome.plist
fi
defaults write /Users/"$currentUser"/Library/Preferences/com.google.Chrome AuthServerWhitelist "yourRealm"
chown "$currentUser":staff /Users/"$currentUser"/Library/Preferences/com.google.Chrome.plist

# Add/append realm to Firefox
if [[ $isFirefoxRunning ]]; then
osascript <<AppleScript
tell application "Finder"
  activate
  display dialog "Firefox is currently running. Firefox must be quit and this policy must be reinitiated for your browsing sessions to be trusted." default button "OK"
end tell
AppleScript
exit 1
elif [[ $prefExists != "" && $twPrefExists == "" ]]; then
  existingRealms=`cat /Users/$currentUser/Library/Application Support/Firefox/Profiles/*.default/prefs.js | grep "network.negotiate"| cut -d '"' -f 4`
  updatedRealms="$existingRealms, yourRealm"
  grep -v "network.negotiate" /Users/$currentUser/Library/Application Support/Firefox/Profiles/*.default/prefs.js > /tmp/tempKerbFile.js
  echo 'user_pref("network.negotiate-auth.trusted-uris", "'$updatedRealms'");' >> /tmp/tempKerbFile.js
  mv /tmp/tempKerbFile.js /Users/$currentUser/Library/Application Support/Firefox/Profiles/*.default/prefs.js
elif [[ $prefExists == "" ]]; then
  cat /Users/$currentUser/Library/Application Support/Firefox/Profiles/*.default/prefs.js > /tmp/tempKerbFile.js
  echo 'user_pref("network.negotiate-auth.trusted-uris", "yourRealm");' >> /tmp/tempKerbFile.js
  mv /tmp/tempKerbFile.js /Users/$currentUser/Library/Application Support/Firefox/Profiles/*.default/prefs.js
else
exit 0
fi

I had something similar for FF awhile back, this looks great for Chrome.

Can anyone describe what sites or functions you've Kerberized through the browser and how well things are working?

FWIW, we've done:

Value com.google.Chrome AuthServerWhitelist
*.domain.com

Primarily for our SharePoint farm, as this is now our homepage too.

Has anyone had luck with the Manifest? I uploaded the manifest and setup my changes but its not applying.

@Matt][/url I haven't had any luck yet getting this to work. It seems to be the suggested method according to other sites.

I built the pref by hand and then stuck it in the Managed Pref folder. Viola!

@Matt it must be something else wrong. I tried a user profile with no luck. The setting is there it's just not being respected.

When I go to about:policy after sticking the plist in the Managed Preference/User fold it shows the setting. If I put the plist in the preferences folder... nothing. Google you make me angry.

Gents,

You should be able to test via defaults,(mind CFPREFSD though).

Also the URL needs to be like *.macmule.com with the sites you need access to being like; mysite.macmule.com