Use KDC policy to delegate credentials.

Controls whether approval by KDC policy is respected to decide whether to delegate Kerberos tickets.

If this policy is true, HTTP authentication respects approval by KDC policy, i.e. Chrome only delegates credentials if the KDC sets OK-AS-DELEGATE on a service ticket. Please see https://tools.ietf.org/html/rfc5896.html for more information. Service should also match 'AuthNegotiateDelegateWhitelist' policy.

If this policy is not set or set to false, KDC policy is ignored on supported platforms and 'AuthNegotiateDelegateWhitelist' policy only is respected.

On Windows KDC policy is always respected.

Supported on: At least Microsoft Windows 7 or Windows Server 2008 family

Registry Hive	HKEY_CURRENT_USER
Registry Path	Software\Policies\Google\ChromeOS
Value Name	AuthNegotiateDelegateByKdcPolicy
Value Type	REG_DWORD
Enabled Value	1
Disabled Value	0

chromeos.admx

Administrative Templates (Computers)

Google
- Google Chrome OS - Default Settings (users can override)
  - Accessibility settings
- Google Chrome OS

Administrative Templates (Users)

Google
- Google Chrome OS - Default Settings (users can override)
- Google Chrome OS