Setting the policy to Enabled means HTTP authentication respects approval by KDC policy. In other words, Google Chrome delegates user credentials to the service being accessed if the KDC sets OK-AS-DELEGATE on the service ticket. See RFC 5896 ( https://tools.ietf.org/html/rfc5896.html ). The service should also be allowed by AuthNegotiateDelegateAllowlist.
Setting the policy to Disabled or leaving it unset means KDC policy is ignored on supported platforms and only AuthNegotiateDelegateAllowlist is respected.
On Microsoft® Windows®, KDC policy is always respected.
Registry Hive | HKEY_CURRENT_USER |
Registry Path | Software\Policies\Google\ChromeOS |
Value Name | AuthNegotiateDelegateByKdcPolicy |
Value Type | REG_DWORD |
Enabled Value | 1 |
Disabled Value | 0 |