Kerberos setup - Browser Configuration

Owned by Mari Fuglem
Last updated: Jan 15, 2024
2 min read

After uploading the keytab file, you will be redirected to the Kerberos Authentication Test page.

If you're lucky, this test will succeed on your first try:

Internet Explorer

In our case, we got a failing test. Internet Explorer has not been configured to send Kerberos tickets to http://issues.example.com. It falls back to sending NTLM tickets instead (which is seen as a username and password popup)

We need to make sure http://issues.example.com is placed in the Local Intranet Security Zone since that is a requirement for Internet Explorer to send Kerberos tickets.

 

The zone settings are usually set enterprise-wide using Group Policies. Here's the GPO we used to place *.example.com and https://issues.example.com in the Local Intranet Zone (Zone 1):

Other browsers

For more details on configuring Zone settings, and configuring Chrome and Firefox on Windows, Mac, and Linux, see our Browser Configuration Guide.