This is the documentation for CDH 4.7.0.
Documentation for other versions is available at Cloudera Documentation.

Appendix H - Using a Web Browser to Access an URL Protected by Kerberos HTTP SPNEGO

To access an URL protected by Kerberos HTTP SPNEGO, use the following instructions for the browser you are using.

To configure Mozilla Firefox:

  1. Open the low level Firefox configuration page by loading the about:config page.
  2. In the Search text box, enter: network.negotiate-auth.trusted-uris
  3. Double-click the network.negotiate-auth.trusted-uris preference and enter the hostname or the domain of the web server that is protected by Kerberos HTTP SPNEGO. Separate multiple domains and hostnames with a comma.
  4. Click OK.

To configure Internet Explorer:

Follow the instructions given below to configure Internet Explorer to access URLs protected by

Configuring the Local Intranet Domain
  1. Open Internet Explorer and click the Settings "gear" icon in the top-right corner. Select Internet options.
  2. Select the Security tab.
  3. Select the Local Intranet zone and click the Sites button.
  4. Make sure that the first two options, Include all local (intranet) sites not listed in other zones and Include all sites that bypass the proxy server are checked.
  5. Click Advanced and add the names of the domains that are protected by Kerberos HTTP SPNEGO, one at a time, to the list of websites. For example, myhost.example.com. Click Close.
  6. Click OK to save your configuration changes.

Configuring Intranet Authentication
  1. Click the Settings "gear" icon in the top-right corner. Select Internet options.
  2. Select the Security tab.
  3. Select the Local Intranet zone and click the Custom level... button to open the Security Settings - Local Intranet Zone dialog box.
  4. Scroll down to the User Authentication options and select Automatic logon only in Intranet zone.
  5. Click OK to save these changes.

Verifying Proxy Settings

You need to perform the following steps only if you have a proxy server already enabled.
  1. Click the Settings "gear" icon in the top-right corner. Select Internet options.
  2. Select the Connections tab and click LAN Settings.
  3. Verify that the proxy server Address and Port number settings are correct.
  4. Click Advanced to open the Proxy Settings dialog box.
  5. Add the Kerberos-protected domains to the Exceptions field.
  6. Click OK to save any changes.

To configure Google Chrome:

If you are using Windows, no configuration changes are needed for Google Chrome.

On MacOS or Linux, add the --auth-server-whitelist parameter to the google-chrome command. For example, to run Chrome from a Linux prompt, run the google-chrome command as follows,
> google-chrome --auth-server-whitelist = "hostname/domain"