Working SPNEGO/GSS Negotiate

Server NGINX
1

Back in February, some patches were posted to the list
(I patched the spnego module)
that made the spnego module for nginx partially work. It did not work
on non-standard ports and did not fall back to GSS Negotiate properly.
It also still relied on spnegohelp, an opaquely licensed sample
implementation from Microsoft.

I’ve made a variety of changes to the module, available at

At this point, I’ve replaced usage of apache+mod-auth-kerb+unicorn
with nginx+spnego-http-auth-nginx-module+unicorn and resolved at least
one of the production issues I was running into. There are still
quite a few rough spots in this code, so if anyone else would like to
test and submit bugs, I’d be happy to actually investigate and fix
them as needed.

–Sean

2

On Thu, Sep 27, 2012 at 11:09 AM, Sean Noonan
[email protected] > I’ve made a variety of changes to the
module, available at

GitHub - stnoonan/spnego-http-auth-nginx-module: SPNEGO HTTP Authentication Module for nginx

Sean - thank you for helping improve this, I haven’t had much luck
getting people to fix the issues/test it/etc. since I originally
posted it (even though I had initial interest in it)

As such I’ve never actually used the module myself as our intranet is
so convoluted even getting Apache to work is a hassle. But if I can
get Apache to work and figure out the right settings, this might
finally be the work that makes it work properly for nginx! :slight_smile:

Thanks!