Advise for NTLM-Auth

Max Clements max at
Wed Apr 20 00:01:21 UTC 2016


Kerberos and NTLM are two completely different ways of authenticating
a user. Whilst they essentially do the same thing, the main difference
that you care about is that Kerberos works correctly over HTTP, unlike
NTLM which does not.

- which module you may suggest
There are a number of modules that perform kerberos authentication on
Nginx -- this one for example, you should
select one that meets your needs.

- what role play the proxy mentioned here not the first time?
I am using the term generically. Nginx is a proxy to whatever
application you are running behind it - in the sense that you make a
request to Nginx from a client, and Nginx sends it (proxies) it to
your application server - be that a WSGI application or whatever.
That part I don't know - but it also really does not matter as your
problem seems to be pass-through authentication on Nginx?

Now you also need to configure Kerberos and a Keytab file on Nginx for
this all to work.  There is a reference on how to configure this with
AD integration here:

Ignore the parts on how to configure Apache, the first parts on
configuring kerberos and NTP are relevant, as well as how to make a
keytab file.


On Tue, Apr 19, 2016 at 12:29 PM, A. Schulze <sca at> wrote:
> Max Clements:
>> Depending on the versions of Windows and what you are trying to do, it
>> may be possible to use Kerberos via Nginx, rather than NTLM.
> that's what I mean saying "I don't care if it's named NTLM or ugly_voodoo"
> You name it "Kerberos" - fine.
> Now I came up with two questions:
>  - which module you may suggest
>  - what role play the proxy mentioned here not the first time?
> A general problem description and how a proxy (reverse-proxy?) solve it
> would be nice.
> Thanks,
> Andreas
> _______________________________________________
> nginx mailing list
> nginx at

Monday is an awful way to spend 1/7th of your life...

More information about the nginx mailing list