Working SPNEGO/GSS Negotiate
Sean Noonan
stnoonan at obsolescence.net
Thu Sep 27 18:09:00 UTC 2012
Back in February, some patches were posted to the list
(http://mailman.nginx.org/pipermail/nginx/2012-February/031897.html)
that made the spnego module for nginx partially work. It did not work
on non-standard ports and did not fall back to GSS Negotiate properly.
It also still relied on spnegohelp, an opaquely licensed sample
implementation from Microsoft.
I've made a variety of changes to the module, available at
https://github.com/stnoonan/spnego-http-auth-nginx-module
At this point, I've replaced usage of apache+mod-auth-kerb+unicorn
with nginx+spnego-http-auth-nginx-module+unicorn and resolved at least
one of the production issues I was running into. There are still
quite a few rough spots in this code, so if anyone else would like to
test and submit bugs, I'd be happy to actually investigate and fix
them as needed.
--Sean
More information about the nginx
mailing list