Use KDC policy to delegate credentials.

Controls whether approval by KDC policy is respected to decide whether to delegate Kerberos tickets.

If this policy is true, HTTP authentication respects approval by KDC policy, i.e. Chrome only delegates credentials if the KDC sets OK-AS-DELEGATE on a service ticket. Please see https://tools.ietf.org/html/rfc5896.html for more information. Service should also match 'AuthNegotiateDelegateWhitelist' policy.

If this policy is not set or set to false, KDC policy is ignored on supported platforms and 'AuthNegotiateDelegateWhitelist' policy only is respected.

On Windows KDC policy is always respected.

Supported on: At least Microsoft Windows 7 or Windows Server 2008 family

Registry HiveHKEY_CURRENT_USER
Registry PathSoftware\Policies\Google\ChromeOS
Value NameAuthNegotiateDelegateByKdcPolicy
Value TypeREG_DWORD
Enabled Value1
Disabled Value0

chromeos.admx

Administrative Templates (Computers)

Administrative Templates (Users)