Back in February, some patches were posted to the list
that made the spnego module for nginx partially work. It did not work
on non-standard ports and did not fall back to GSS Negotiate properly.
It also still relied on spnegohelp, an opaquely licensed sample
implementation from Microsoft.
I’ve made a variety of changes to the module, available at
At this point, I’ve replaced usage of apache+mod-auth-kerb+unicorn
with nginx+spnego-http-auth-nginx-module+unicorn and resolved at least
one of the production issues I was running into. There are still
quite a few rough spots in this code, so if anyone else would like to
test and submit bugs, I’d be happy to actually investigate and fix
them as needed.