Advise for NTLM-Auth

Maxim Dounin mdounin at mdounin.ru
Mon Apr 18 19:47:42 UTC 2016


Hello!

On Mon, Apr 18, 2016 at 09:21:53PM +0200, A. Schulze wrote:

> Hello,
> 
> currently we run web applications on nginx accessible from MS clients part
> of a Windows Domain.
> the users are requested to authenticate via Basic-Auth (via HTTPS) which
> nginx validate against the
> domain activ directory using https://github.com/kvspb/nginx-auth-ldap
> 
> But I think the MS browser could do NTLM auth as well.
> 
> Are there suggested nginx modules to let a MS browser transparent login into
> a webapp run on nginx?
> I found https://github.com/stnoonan/spnego-http-auth-nginx-module so far.
> Before I start playing I'll ask if there are other / better / suggested
> modules?
> (I usually compile nginx+modules myself)

Just a side note: NTLM auth is broken by design and violates HTTP 
basic rules.  Avoid using it if you can.

-- 
Maxim Dounin
http://nginx.org/



More information about the nginx mailing list