Intranet/Intranet Client Configuration

WORK IN PROGRESS

Mediawiki is accessed via a web browser and so clients should not require any configuration. However, SSL certificates and Kerberos integration may need some attention at the client end for an intranet.

SSL/TLS certificates
Assuming that the wiki is using a TLS certificate that is signed by the corporate CA then the client system must also be able to trust that CA. Chrome and Chromium will use the Windows trust store which should include the Enterprise CA. Firefox on Windows does not yet but has support for it which is disabled by default. Set this in about:config

Kerberos
The reference build enforces Kerberos authentication on the web server and by default does not allow failing over to basic auth. This section covers how to enable Kerberos at the client.

IE
.... Group Policy ....

Firefox
On both Windows and Linux, about:config (note leading dot):

Chrom{e|ium}
.... Group Policy ....

Linux
Create a file such as /etc/opt/chrome/policies/managed/local_policy.json: