How to Windows auth working on nginx reverse proxy ???
Maxim Dounin
mdounin at mdounin.ru
Mon Jan 9 14:06:15 UTC 2012
Hello!
On Mon, Jan 09, 2012 at 03:00:13AM -0500, cn_nginxer wrote:
> Hello Ryan,
>
> May I ask an very stupide question, what do you mean by nginx is not
> supported back-end keep-alive?
Backend keepalive http connections are supported since nginx 1.1.4, but
it doesn't help to proxy NTLM. See below.
> I checked with wireshark, both NTLM and MD authentication are using the
> same TCP connection, as far as I understand, nginx is just do a forward
> job, so the question is that why nginx could foward the MD request to
> the client but not NTLM request?
NTLM is connection-based and requires the same connection to be
used for other requests from the client. It's not going to work
through http proxy servers as "the same connection for the same
client" isn't guaranteed by http proxy servers. See here for
details:
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/523ae943-5e6a-4200-9103-9808baa00157.mspx?mfr=true
Digest authentication, in contrast, doesn't rely on the same
connection to be used. Instead, client provides data originally
supplied by the server (nonce value) in each request. See here
for details:
http://en.wikipedia.org/wiki/Digest_access_authentication
http://tools.ietf.org/html/rfc2617
Maxim Dounin
More information about the nginx
mailing list