From ab212eaea2323588b46051ab3c8bea837fac29e2 Mon Sep 17 00:00:00 2001
From: Caleb Callaway <cqcallaw@brainvitamins.net>
Date: Mon, 13 Mar 2023 21:30:33 -0700
Subject: [PATCH] blog: SPNEGO in Brave

---
 content/blog/brave-spnego.md | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 content/blog/brave-spnego.md

diff --git a/content/blog/brave-spnego.md b/content/blog/brave-spnego.md
new file mode 100644
index 0000000..0bc1665
--- /dev/null
+++ b/content/blog/brave-spnego.md
@@ -0,0 +1,35 @@
+---
+title: "SPNEGO in Brave"
+date: 2023-03-13T21:20:37-07:00
+draft: false
+author: "Caleb Callaway"
+tags: ["tech", "linux", "security", "kerberos"]
+---
+
+## 1. Create config directory
+
+```bash
+sudo mkdir -p /etc/brave/policies/managed/
+```
+
+## 2. Create policy file
+
+Create `/etc/brave/policies/managed/spnego.json` with the following contents, editing domain names as needed:
+
+```bash
+{
+  "AuthServerAllowlist" : "*.brainvitamins.net",
+  "AuthNegotiateDelegateAllowlist" : "*.brainvitamins.net",
+  "EnableAuthNegotiatePort" : true
+}
+
+```
+
+## 3. Restart
+
+Restart the browser. Verify the policy is active by visiting [brave://policy](brave://policy)
+
+## References
+
+* https://support.brave.com/hc/en-us/articles/360039248271-Group-Policy
+* https://docs.spring.io/spring-security-kerberos/docs/current/reference/html/browserspnegoconfig.html