Configuring Chrome to work with Kerberos on Windows can be done in more than one way.
By default, Chrome uses the same registry settings as Edge/Internet Explorer on Windows to determine if sending Kerberos tickets to a site is allowed. 
This means that you usually don't need to configure Chrome explicitly if the site has been added to the Local Intranet Zone list.

...

If Chrome policies state "No policies set," Chrome on Windows will instead use the Local Intranet Zone list. Your site must be added to that list for Chrome to work with Kerberos on Windows. Chrome on other operating systems requires policies to work with Kerberos.

...

  • AuthSchemes: Specifies which HTTP authentication schemes are supported by Google Chrome. Possible values are 'basic', 'digest', 'ntlm' and 'negotiate'. Kerberos requires 'negotiate'. If this policy is left unset, all four schemes will be available.

  • AuthServerAllowlist: Specifies which servers are allowed for integrated authentication. Integrated authentication is only enabled when Google Chrome receives an authentication challenge from a proxy or from a server that is in this permitted list, so your servers must be added, e.g., *.example.com or jira.example.com,confluence.example.com. Separate multiple server names with commas. When unset, Chrome will try to detect if a server is on the Intranet, and only then will it respond to IWA requests. IWA requests from non-intranet servers will be ignored by Chrome.
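
The following PowerShell audit is an added example, not part of the original page or of Chrome itself. It reads the two policies described above and reports what each value means for Kerberos. It assumes the machine-wide policy key HKLM:\SOFTWARE\Policies\Google\Chrome; the function name Get-ChromeAuthPolicyFindings is hypothetical.

```powershell
# Added example: audit Chrome's integrated-authentication policies on Windows.
# Assumption: policies are deployed machine-wide under this registry key.
$ChromePolicyKey = 'HKLM:\SOFTWARE\Policies\Google\Chrome'

function Get-ChromeAuthPolicyFindings {
    param(
        [string]$AuthSchemes,         # raw policy value, empty if unset
        [string]$AuthServerAllowlist  # raw policy value, empty if unset
    )
    $findings = @()

    if ([string]::IsNullOrWhiteSpace($AuthSchemes)) {
        # Unset means basic, digest, ntlm and negotiate are all available.
        $findings += 'AuthSchemes unset: all four schemes are available.'
    } else {
        $schemes = $AuthSchemes.Split(',') | ForEach-Object { $_.Trim().ToLower() }
        if ($schemes -notcontains 'negotiate') {
            $findings += "AuthSchemes '$AuthSchemes' lacks 'negotiate': Kerberos cannot be used."
        }
    }

    if ([string]::IsNullOrWhiteSpace($AuthServerAllowlist)) {
        # Unset means Chrome answers IWA challenges only from servers it detects as intranet.
        $findings += 'AuthServerAllowlist unset: falling back to intranet detection.'
    } else {
        foreach ($entry in $AuthServerAllowlist.Split(',')) {
            $name = $entry.Trim()
            if ($name -eq '') {
                $findings += 'AuthServerAllowlist has an empty entry (stray comma).'
            } elseif ($name -eq '*') {
                # A bare wildcard matches every server, not just your own domain.
                $findings += "AuthServerAllowlist entry '*' allows integrated auth to any server."
            } elseif ($name -match '\s') {
                $findings += "AuthServerAllowlist entry '$name' contains whitespace; separate names with commas."
            }
        }
    }
    return $findings
}

# Audit the local machine; a missing key simply yields empty values.
$policy = Get-ItemProperty -Path $ChromePolicyKey -ErrorAction SilentlyContinue
Get-ChromeAuthPolicyFindings -AuthSchemes $policy.AuthSchemes `
                             -AuthServerAllowlist $policy.AuthServerAllowlist

# Constructed sample values: scheme list without 'negotiate', allowlist with a bare wildcard.
Get-ChromeAuthPolicyFindings -AuthSchemes 'basic,ntlm' -AuthServerAllowlist '*.example.com,*'
```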

...

Using short-form URLs

Note that when accessing the application using the short format URL (http://issues), browsers will still look for an SPN in the FQDN format (issues.example.com

...