Controls whether approval by KDC policy is respected to decide whether to delegate Kerberos tickets.
If this policy is true, HTTP authentication respects approval by KDC policy, i.e. Chrome only delegates credentials if the KDC sets OK-AS-DELEGATE on a service ticket. Please see https://tools.ietf.org/html/rfc5896.html for more information. Service should also match 'AuthNegotiateDelegateWhitelist' policy.
If this policy is not set or set to false, KDC policy is ignored on supported platforms and 'AuthNegotiateDelegateWhitelist' policy only is respected.
On Windows KDC policy is always respected.
Registry Hive | HKEY_CURRENT_USER |
Registry Path | Software\Policies\Google\ChromeOS |
Value Name | AuthNegotiateDelegateByKdcPolicy |
Value Type | REG_DWORD |
Enabled Value | 1 |
Disabled Value | 0 |