Working SPNEGO/GSS Negotiate
stnoonan at obsolescence.net
Thu Sep 27 18:09:00 UTC 2012
Back in February, some patches were posted to the list
that made the spnego module for nginx partially work. It did not work
on non-standard ports and did not fall back to GSS Negotiate properly.
It also still relied on spnegohelp, an opaquely licensed sample
implementation from Microsoft.
I've made a variety of changes to the module, available at
At this point, I've replaced usage of apache+mod-auth-kerb+unicorn
with nginx+spnego-http-auth-nginx-module+unicorn and resolved at least
one of the production issues I was running into. There are still
quite a few rough spots in this code, so if anyone else would like to
test and submit bugs, I'd be happy to actually investigate and fix
them as needed.
More information about the nginx