Back in February, some patches were posted to the list (http://mailman.nginx.org/pipermail/nginx/2012-Febr...) that made the spnego module for nginx partially work. It did not work on non-standard ports and did not fall back to GSS Negotiate properly. It also still relied on spnegohelp, an opaquely licensed sample implementation from Microsoft. I've made a variety of changes to the module, available at https://github.com/stnoonan/spnego-http-auth-nginx-module At this point, I've replaced usage of apache+mod-auth-kerb+unicorn with nginx+spnego-http-auth-nginx-module+unicorn and resolved at least one of the production issues I was running into. There are still quite a few rough spots in this code, so if anyone else would like to test and submit bugs, I'd be happy to actually investigate and fix them as needed. --Sean
on 2012-09-27 20:09
on 2012-09-27 21:33
On Thu, Sep 27, 2012 at 11:09 AM, Sean Noonan
<stnoonan@obsolescence.net> > I've made a variety of changes to the
module, available at
> https://github.com/stnoonan/spnego-http-auth-nginx-module
Sean - thank you for helping improve this, I haven't had much luck
getting people to fix the issues/test it/etc. since I originally
posted it (even though I had initial interest in it)
As such I've never actually used the module myself as our intranet is
so convoluted even getting Apache to work is a hassle. But if I can
get Apache to work and figure out the right settings, this might
finally be the work that makes it work properly for nginx! :)
Thanks!
Enable email notification
Enable multi-page viewPlease log in before posting. Registration is free and takes only a minute.
Existing account
(Switch to SSL-encrypted connection)
NEW: Do you have a Google/GoogleMail or Yahoo account? No registration required!
Log in with Google account | Log in with Yahoo account
Log in with Google account | Log in with Yahoo account
No account? Register here.