3 files changed, 26 insertions, 0 deletions

diff --git a/chrome/browser/io_thread.cc b/chrome/browser/io_thread.cc
index 9ab03d4..30da91b 100644
--- a/chrome/browser/io_thread.cc
+++ b/chrome/browser/io_thread.cc
@@ -22,6 +22,7 @@
 #include "net/base/network_change_notifier.h"
 #include "net/http/http_auth_filter.h"
 #include "net/http/http_auth_handler_factory.h"
+#include "net/http/http_auth_handler_negotiate.h"
 #include "net/url_request/url_request.h"
 
 namespace {
@@ -213,6 +214,18 @@ net::HttpAuthHandlerFactory* IOThread::CreateDefaultAuthHandlerFactory() {
     registry_factory->SetFilter("negotiate", negotiate_filter);
   }
 
+  // Configure the Negotiate settings for the Kerberos SPN.
+  // TODO(cbentzel): Read the related IE registry settings on Windows builds.
+  // TODO(cbentzel): Ugly use of static_cast here.
+  net::HttpAuthHandlerNegotiate::Factory* negotiate_factory =
+      static_cast<net::HttpAuthHandlerNegotiate::Factory*>(
+          registry_factory->GetSchemeFactory("negotiate"));
+  DCHECK(negotiate_factory);
+  if (command_line.HasSwitch(switches::kDisableAuthNegotiateCnameLookup))
+    negotiate_factory->set_disable_cname_lookup(true);
+  if (command_line.HasSwitch(switches::kEnableAuthNegotiatePort))
+    negotiate_factory->set_use_port(true);
+
   return registry_factory;
 }
 
diff --git a/chrome/common/chrome_switches.cc b/chrome/common/chrome_switches.cc
index 8e95e65..a1725e9 100644
--- a/chrome/common/chrome_switches.cc
+++ b/chrome/common/chrome_switches.cc
@@ -91,6 +91,12 @@ const char kDisableApplicationCache[]       = "disable-application-cache";
 // mechanism.
 const char kDisableAudio[]                  = "disable-audio";
 
+// Disable CNAME lookup of the host when generating the Kerberos SPN for a
+// Negotiate challenge. See HttpAuthHandlerNegotiate::CreateSPN
+// for more background.
+extern const char kDisableAuthNegotiateCnameLookup[] =
+    "disable-auth-negotiate-cname-lookup";
+
 // Disable limits on the number of backing stores. Can prevent blinking for
 // users with many windows/tabs and lots of memory.
 const char kDisableBackingStoreLimit[]      = "disable-backing-store-limit";
@@ -227,6 +233,11 @@ const char kDumpHistogramsOnExit[]          = "dump-histograms-on-exit";
 // Enables AeroPeek for each tab. (This switch only works on Windows 7).
 const char kEnableAeroPeekTabs[]            = "enable-aero-peek-tabs";
 
+// Enable the inclusion of non-standard ports when generating the Kerberos SPN
+// in response to a Negotiate challenge. See HttpAuthHandlerNegotiate::CreateSPN
+// for more background.
+extern const char kEnableAuthNegotiatePort[] = "enable-auth-negotiate-port";
+
 // Enables the benchmarking extensions.
 const char kEnableBenchmarking[]            = "enable-benchmarking";
 
diff --git a/chrome/common/chrome_switches.h b/chrome/common/chrome_switches.h
index e2383ca..ca48aa7 100644
--- a/chrome/common/chrome_switches.h
+++ b/chrome/common/chrome_switches.h
@@ -40,6 +40,7 @@ extern const char kDiagnostics[];
 extern const char kDisableAltWinstation[];
 extern const char kDisableApplicationCache[];
 extern const char kDisableAudio[];
+extern const char kDisableAuthNegotiateCnameLookup[];
 extern const char kDisableBackingStoreLimit[];
 extern const char kDisableByteRangeSupport[];
 extern const char kDisableCustomJumpList[];
@@ -80,6 +81,7 @@ extern const char kDnsPrefetchDisable[];
 extern const char kDomAutomationController[];
 extern const char kDumpHistogramsOnExit[];
 extern const char kEnableAeroPeekTabs[];
+extern const char kEnableAuthNegotiatePort[];
 extern const char kEnableBenchmarking[];
 extern const char kEnableExperimentalExtensionApis[];
 extern const char kEnableExperimentalWebGL[];