Use KDC policy to delegate credentials.

Controls whether approval by KDC policy is respected to decide whether to delegate Kerberos tickets.

If this policy is true, HTTP authentication respects approval by KDC policy, i.e. Chrome only delegates credentials if the KDC sets OK-AS-DELEGATE on a service ticket. Please see for more information. Service should also match 'AuthNegotiateDelegateWhitelist' policy.

If this policy is not set or set to false, KDC policy is ignored on supported platforms and 'AuthNegotiateDelegateWhitelist' policy only is respected.

On Windows KDC policy is always respected.

Supported on: At least Microsoft Windows 7 or Windows Server 2008 family

Registry PathSoftware\Policies\Google\ChromeOS
Value NameAuthNegotiateDelegateByKdcPolicy
Enabled Value1
Disabled Value0


Administrative Templates (Computers)

Administrative Templates (Users)