Kerberos authentication module for nginx
Matteo Redaelli
lists at ruby-forum.com
Thu Apr 30 23:06:54 MSD 2009
I have used modauthkerb for three years without any problem for
authenticating users (ca 25000 daily) in my company.
I'll be happy to test your code when available.
But please what do you mean with "I can't figure out how to get my
Ubuntu machine on our domain at work, and that is required for this to
work".
Must the web server be joined to the Windows Domain in order to be able
to use mod kerb?
with mod_auth_kerb it is not required. you need only to generate a
KEYTAB with the KTPASS comand (see
http://www.redaelli.org/matteo/binaries/downloads/documents/apache_kerberos_w2003_spnego.pdf
- sorry for the italian)
Regards
m a t t e o . r e d a e l l i AT gmail.com
Michael Shadle wrote:
> On Wed, Apr 29, 2009 at 2:09 AM, Matteo Redaelli <lists at ruby-forum.com>
> wrote:
>> Ciao
>>
>> It would be very useful for intranet web applications to have a Kerberos
>> Authentication module like the one for apache httpd
>> (http://modauthkerb.sourceforge.net/) and the lighttpd one
>> (http://redmine.lighttpd.net/issues/1899).
>>
>> Has enyone already implemented it? is it in the roadmap?
>
> I have a developer working on it right now, actually.
>
> Once his code is in a functional state I'll want as many people out
> there to review and try it.
>
> It's basically a port of mod_auth_gssapi from Apache, which seemed to
> have the strongest SPNEGO support.
>
> I hired the developer through RentACoder; if anyone feels inclined to
> pitch in funds to help cover the cost I'd be more than happy to
> supplement him/cover some of my out of pocket expense (my company did
> not cover it, I paid for it personally to help nginx advance and my
> company can benefit from it)
>
> Essentially it will do all the Kerberos work and supply REMOTE_USER
> via the environment to PHP, etc.
>
> If you have a good understanding of how it works I'd like your input
> on it to make sure the developer is creating it in a useful fashion
> (and/or you can help test) - right now I am stuck as I can't figure
> out how to get my Ubuntu machine on our domain at work, and that is
> required for this to work. (It would be great if it didn't have to be
> on the domain though ... )
--
Posted via http://www.ruby-forum.com/.
More information about the nginx
mailing list