Working SPNEGO/GSS Negotiate

Back in February, some patches were posted to the list
(I patched the spnego module)
that made the spnego module for nginx partially work. It did not work
on non-standard ports and did not fall back to GSS Negotiate properly.
It also still relied on spnegohelp, an opaquely licensed sample
implementation from Microsoft.

I’ve made a variety of changes to the module, available at

At this point, I’ve replaced usage of apache+mod-auth-kerb+unicorn
with nginx+spnego-http-auth-nginx-module+unicorn and resolved at least
one of the production issues I was running into. There are still
quite a few rough spots in this code, so if anyone else would like to
test and submit bugs, I’d be happy to actually investigate and fix
them as needed.


On Thu, Sep 27, 2012 at 11:09 AM, Sean Noonan
[email protected] > I’ve made a variety of changes to the
module, available at

GitHub - stnoonan/spnego-http-auth-nginx-module: SPNEGO HTTP Authentication Module for nginx

Sean - thank you for helping improve this, I haven’t had much luck
getting people to fix the issues/test it/etc. since I originally
posted it (even though I had initial interest in it)

As such I’ve never actually used the module myself as our intranet is
so convoluted even getting Apache to work is a hassle. But if I can
get Apache to work and figure out the right settings, this might
finally be the work that makes it work properly for nginx! :slight_smile: