Advise for NTLM-Auth
max at clements.za.net
Wed Apr 20 00:01:21 UTC 2016
Kerberos and NTLM are two completely different ways of authenticating
a user. Whilst they essentially do the same thing, the main difference
that you care about is that Kerberos works correctly over HTTP, unlike
NTLM which does not.
- which module you may suggest
There are a number of modules that perform kerberos authentication on
Nginx -- this one for example
https://github.com/stnoonan/spnego-http-auth-nginx-module, you should
select one that meets your needs.
- what role play the proxy mentioned here not the first time?
I am using the term generically. Nginx is a proxy to whatever
application you are running behind it - in the sense that you make a
request to Nginx from a client, and Nginx sends it (proxies) it to
your application server - be that a WSGI application or whatever.
That part I don't know - but it also really does not matter as your
problem seems to be pass-through authentication on Nginx?
Now you also need to configure Kerberos and a Keytab file on Nginx for
this all to work. There is a reference on how to configure this with
AD integration here:
Ignore the parts on how to configure Apache, the first parts on
configuring kerberos and NTP are relevant, as well as how to make a
On Tue, Apr 19, 2016 at 12:29 PM, A. Schulze <sca at andreasschulze.de> wrote:
> Max Clements:
>> Depending on the versions of Windows and what you are trying to do, it
>> may be possible to use Kerberos via Nginx, rather than NTLM.
> that's what I mean saying "I don't care if it's named NTLM or ugly_voodoo"
> You name it "Kerberos" - fine.
> Now I came up with two questions:
> - which module you may suggest
> - what role play the proxy mentioned here not the first time?
> A general problem description and how a proxy (reverse-proxy?) solve it
> would be nice.
> nginx mailing list
> nginx at nginx.org
Monday is an awful way to spend 1/7th of your life...
More information about the nginx