I patched the spnego module

Hi,

i only want to announce, that i patched the spnego module, so you can
use it as
a 100% replacement to apache2+mod_auth_kerb.

I installed in on 3 hosts running now for about 2 weeks without an
error.
Perhaps somebody wants to test it too? :slight_smile:

bye MUH!

–
;;,
)…(
=_)
(oo)| |
#!/usr/bin/env python
domain={‘r4w.de’: ‘i hate perl’}
domainparts=[‘python’,‘blog’,‘r4w’,‘de’]
print domain[‘.’.join(domainparts[[i for i in range(0,len(domainparts)) if domain.has_key(‘.’.join(domainparts[i:]))][0]:])]

On Tue, Feb 14, 2012 at 11:45 PM, Sven L. [email protected]
wrote:

Hi,

i only want to announce, that i patched the spnego module, so you can use it as
a 100% replacement to apache2+mod_auth_kerb.

GitHub - muhgatus/spnego-http-auth-nginx-module: SPNEGO HTTP Authentication Module for nginx

I installed in on 3 hosts running now for about 2 weeks without an error.
Perhaps somebody wants to test it too? :slight_smile:

Was this based off off of my work I funded?

I just got a blog reply a couple days ago saying someone had got it
working, which was the first time I had got a positive reply (since my
corporate network seems so complex I can’t test it on my own still…)
http://michaelshadle.com/2010/01/17/spnego-for-nginx-a-start-at-least

It would be great to have a working module for this, there was
interest in it when I brought it up a couple years ago, but then
nobody helped extend or test it :slight_smile:

I would love to talk offline, maybe there is something you’re doing
vs. mine (I didn’t code it, only sponsor it) but obviously I want the
most mature and extensible module out there.

From my understanding if Kerberos fails it’s supposed to fall back to
digest, but nginx did not support digest yet (only basic), someone
once summarized it for me and it is in my notes somewhere.

On 02-15 09:59, Michael S. wrote:

Was this based off off of my work I funded?
GitHub - mike503/spnego-http-auth-nginx-module: SPNEGO HTTP Authentication Module for nginx

yes, it is.

From my understanding if Kerberos fails it’s supposed to fall back to
digest, but nginx did not support digest yet (only basic), someone
once summarized it for me and it is in my notes somewhere.

i only added basic auth to it in order if the browser does not
support negotiation then it will fall back to basic-auth and checks the
given password against kerberos.

i do not know how the get the digest auth working. basic auth was
simple. i
modified the code within a couple of hours.

It would be great to have a working module for this, there was
interest in it when I brought it up a couple years ago, but then
nobody helped extend or test it :slight_smile:

i started to replace apache installations by nginx. so, here is my test
result:

it works :wink:

I would love to talk offline, maybe there is something you’re doing
vs. mine (I didn’t code it, only sponsor it) but obviously I want the
most mature and extensible module out there.

so, you might merge my changes back to your repository on github.