Support Kerberos on Android

components/policy/resources/policy_templates.json

 {
 # policy_templates.json - Metafile for policy templates
 #
 # The content of this file is evaluated as a Python expression.
 #
 # This file is used as input to generate the following policy templates:
 # ADM, ADMX+ADML, MCX/plist and html documentation.
 #
 # Policy templates are user interface definitions or documents about the
 # policies that can be used to configure Chrome. Each policy is a name-value
@@ skipping 105 matching lines @@
 #   templates and documentation. The policy definition list that Chrome sees
 #   will include policies marked with 'future'. If a WIP policy isn't meant to
 #   be seen by the policy providers either, the 'supported_on' key should be set
 #   to an empty list.
 #
 # IDs:
 #   Since a Protocol Buffer definition is generated from this file, unique and
 #   persistent IDs for all fields (but not for groups!) are needed. These are
 #   specified by the 'id' keys of each policy. NEVER CHANGE EXISTING IDs,
 #   because doing so would break the deployed wire format!
-#   For your editing convenience: highest ID currently used: 301
+#   For your editing convenience: highest ID currently used: 302
 #
 # Placeholders:
 #   The following placeholder strings are automatically substituted:
 #     $1 -> Google Chrome / Chromium
 #     $2 -> Google Chrome OS / Chromium OS
 #     $3 -> Google Chrome Frame / Chromium Frame
 #     $6 is reserved for doc_writer
 #
 # Device Policy:
 #   An additional flag device_only (optional, defaults to False) indicates
@@ skipping 1497 matching lines @@
     {
       'name': 'HTTPAuthentication',
       'type': 'group',
       'caption': '''Policies for HTTP Authentication''',
       'desc': '''Policies related to integrated HTTP authentication.''',
       'policies': [
         {
           'name': 'AuthSchemes',
           'type': 'string',
           'schema': { 'type': 'string' },
-          'supported_on': ['chrome.*:9-'],
+          'supported_on': ['chrome.*:9-','android:44-'],
           'features': {
             'dynamic_refresh': False,
             'per_profile': False,
           },
           'example_value': 'basic,digest,ntlm,negotiate',
           'id': 26,
           'caption': '''Supported authentication schemes''',
           'desc': '''Specifies which HTTP Authentication schemes are supported by <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>.
 
           Possible values are 'basic', 'digest', 'ntlm' and 'negotiate'. Separate multiple values with commas.
 
           If this policy is left not set, all four schemes will be used.''',
         },
         {
           'name': 'DisableAuthNegotiateCnameLookup',
           'type': 'main',
           'schema': { 'type': 'boolean' },
-          'supported_on': ['chrome.*:9-'],
+          'supported_on': ['chrome.*:9-','android:44-'],
           'features': {
             'dynamic_refresh': False,
             'per_profile': False,
           },
           'example_value': False,
           'id': 27,
           'caption': '''Disable CNAME lookup when negotiating Kerberos authentication''',
           'desc': '''Specifies whether the generated Kerberos SPN is based on the canonical DNS name or the original name entered.
 
           If you enable this setting, CNAME lookup will be skipped and the server name will be used as entered.
@@ skipping 15 matching lines @@
           'desc': '''Specifies whether the generated Kerberos SPN should include a non-standard port.
 
           If you enable this setting, and a non-standard port (i.e., a port other than 80 or 443) is entered, it will be included in the generated Kerberos SPN.
 
           If you disable this setting or leave it not set, the generated Kerberos SPN will not include a port in any case.''',
         },
         {
           'name': 'AuthServerWhitelist',
           'type': 'string',
           'schema': { 'type': 'string' },
-          'supported_on': ['chrome.*:9-'],
+          'supported_on': ['chrome.*:9-','android:44-'],
           'features': {
             'dynamic_refresh': False,
             'per_profile': False,
           },
           'example_value': '*example.com,foobar.com,*baz',
           'id': 29,
           'caption': '''Authentication server whitelist''',
           'desc': '''Specifies which servers should be whitelisted for integrated authentication. Integrated authentication is only enabled when <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> receives an authentication challenge from a proxy or from a server which is in this permitted list.
 
           Separate multiple server names with commas. Wildcards (*) are allowed.
 
           If you leave this policy not set <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will try to detect if a server is on the Intranet and only then will it respond to IWA requests.  If a server is detected as Internet then IWA requests from it will be ignored by <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>.''',
         },
         {
           'name': 'AuthNegotiateDelegateWhitelist',
           'type': 'string',
           'schema': { 'type': 'string' },
-          'supported_on': ['chrome.*:9-'],
+          'supported_on': ['chrome.*:9-','android:44-'],
           'features': {
             'dynamic_refresh': False,
             'per_profile': False,
           },
           'example_value': 'foobar.example.com',
           'id': 30,
           'caption': '''Kerberos delegation server whitelist''',
           'desc': '''Servers that <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> may delegate to.
 
           Separate multiple server names with commas. Wildcards (*) are allowed.
@@ skipping 10 matching lines @@
             'per_profile': False,
           },
           'example_value': 'libgssapi_krb5.so.2',
           'id': 31,
           'caption': '''GSSAPI library name''',
           'desc': '''Specifies which GSSAPI library to use for HTTP Authentication. You can set either just a library name, or a full path.
 
           If no setting is provided, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will fall back to using a default library name.''',
         },
         {
+          'name': 'AuthAndroidNegotiateAccountType',
+          'type': 'string',
+          'schema': { 'type': 'string' },
+          'supported_on': ['android:44-'],
+          'features': {
+            'dynamic_refresh': False,
+            'per_profile': False,
+          },
+          'example_value': 'com.example.kerberos',
+          'id': 302,
+          'caption': '''Account Type for Negotiate Authentication''',
+          'desc': '''Specifies the account type of the accounts provided by the Android authentication app that supports HTTP Negotiate authentication (e.g. Kerberos authentication).
+
+          If no setting is provided then Negotiate Authentication will be disabled on Android.''',
+        },
+        {
           'name': 'AllowCrossOriginAuthPrompt',
           'type': 'main',
           'schema': { 'type': 'boolean' },
           'supported_on': ['chrome.*:13-'],
           'features': {
             'dynamic_refresh': True,
             'per_profile': False,
           },
           'example_value': False,
           'id': 89,
@@ skipping 5727 matching lines @@
       'desc': '''Text appended in parentheses next to the policies top-level container to indicate that those policies are of the Recommended level''',
       'text': 'Default Settings (users can override)',
     },
     'doc_complex_policies_on_windows': {
       'desc': '''Text pointing the user to a help article for complex policies on Windows''',
       'text': '''encoded as a JSON string, for details see <ph name="COMPLEX_POLICIES_URL">http://www.chromium.org/administrators/complex-policies-on-windows<ex>http://www.chromium.org/administrators/complex-policies-on-windows</ex></ph>''',
     },
   },
   'placeholders': [],
 }