Back in February, some patches were posted to the list (http://mailman.nginx.org/pipermail/nginx/2012-Febr...) that made the spnego module for nginx partially work. It did not work on non-standard ports and did not fall back to GSS Negotiate properly. It also still relied on spnegohelp, an opaquely licensed sample implementation from Microsoft. I've made a variety of changes to the module, available at https://github.com/stnoonan/spnego-http-auth-nginx-module At this point, I've replaced usage of apache+mod-auth-kerb+unicorn with nginx+spnego-http-auth-nginx-module+unicorn and resolved at least one of the production issues I was running into. There are still quite a few rough spots in this code, so if anyone else would like to test and submit bugs, I'd be happy to actually investigate and fix them as needed. --Sean
on 2012-09-27 20:09
on 2012-09-27 21:33
On Thu, Sep 27, 2012 at 11:09 AM, Sean Noonan <firstname.lastname@example.org> > I've made a variety of changes to the module, available at > https://github.com/stnoonan/spnego-http-auth-nginx-module Sean - thank you for helping improve this, I haven't had much luck getting people to fix the issues/test it/etc. since I originally posted it (even though I had initial interest in it) As such I've never actually used the module myself as our intranet is so convoluted even getting Apache to work is a hassle. But if I can get Apache to work and figure out the right settings, this might finally be the work that makes it work properly for nginx! :) Thanks!