I’ve revised this after talking to a coworker… I’d like to revise
the technical details of this original request.
I want to get SPNEGO-capable authentication into nginx, so it can be
adopted and used inside of enterprises with Active Directory for SSO -
not using pam_smb or LDAP only, as that doesn’t make for an entirely
seamless experience. I want Kerberos support for Integrated Windows
Authentication - that is what is expected in our enterprise and not
having to prompt the user for their username/password and such.
I’ve posted this on RentACoder - it’s not live yet, but when it is it
will be bid request ID 1064860.
If anyone is interested, please let me know! I am willing to pay, and
may in fact be able to raise extra cash by other parties for this.
Please email me on or off list.
It should be as simple as a couple libraries (openldap, openssl,
libkrb5? I don’t know) and some simple configuration like:
auth_spnego_controller adserver1.foo.com adserver2.foo.com; (if this
auth_spnego_timeout 7d; (if not defaulted by the libraries etc.)
… etc …
Here’s some links/info about SPNEGO and some source code in various
languages to use for example…
http://modgssapache.sourceforge.net/ - probably the best C source to
- mod_krb5 - quite possibly even better C source
http://tools.ietf.org/html/rfc2478 - possibly might have info
- modgssapache uses APIs from microsoft, tested on linux/solaris,
mod_spnego tested on all major platforms
http://bofriis.dk/spnego/spnego_client.html - java implementation
another java implementation
possibly added into openldap
mod_auth_kerb for apache might also have some source
samba 3.0.7+ might have source (see a reference to libsmb/spnego.c)
http://www.ioplex.com/ - PHP support for SPNEGO