Advise for NTLM-Auth
mdounin at mdounin.ru
Mon Apr 18 19:47:42 UTC 2016
On Mon, Apr 18, 2016 at 09:21:53PM +0200, A. Schulze wrote:
> currently we run web applications on nginx accessible from MS clients part
> of a Windows Domain.
> the users are requested to authenticate via Basic-Auth (via HTTPS) which
> nginx validate against the
> domain activ directory using https://github.com/kvspb/nginx-auth-ldap
> But I think the MS browser could do NTLM auth as well.
> Are there suggested nginx modules to let a MS browser transparent login into
> a webapp run on nginx?
> I found https://github.com/stnoonan/spnego-http-auth-nginx-module so far.
> Before I start playing I'll ask if there are other / better / suggested
> (I usually compile nginx+modules myself)
Just a side note: NTLM auth is broken by design and violates HTTP
basic rules. Avoid using it if you can.
More information about the nginx