If you are on a network using Kerberos for authentication, you should try the following.
Open about:config in Firefox and navigate via the filter 'network.negotiate-auth'. You will see a handful of settings related to Kerberos / GSSAPI Authentication.
The two of interest will be 'network.negotiate-auth.delegation-uris' and 'network.negotiate-auth.trusted-uris'. It sounds like all of the sites where you need to authenticate are under one domain, so the following settings should work for you.
network.negotiate-auth.delegation-uris => http://
network.negotiate-auth.trusted-uris => blah.com
If you need to set multiple sites/domains, then you would modify the latter to be the following.
network.negotiate-auth.trusted-uris => a.blah.com,b.blah.com,c.blah.com
One caveat that you should beware is the delegation uri should ideally be using https instead of http. If you are in a closed private network this typically not a big deal, but you'll be opening yourself up to man-in-the-middle exploits against sites that are accessed over the internet. If you want both allowed, you can use the following.
network.negotiate-auth.delegation-uris => http://,https://
Regarding the comment by brendan, the values for network.negotiate-auth.trusted-uris are the same as you would set for network.automatic-ntlm-auth.trusted-uris to enable NTLM. On most servers using windows 2003 or later; you will see that Negotiate is attempted before NTLM.
Firefox can apparently do the authentication, but I've never been able to get it to work so I just use IETab too. – None – 2009-06-05T20:51:58.590