Nginx SPNEGO HTTP Authentication Module

Nginx SPNEGO HTTP Authentication Module:

Nginx module to use SPNEGO+GSSAPI+Kerberos for HTTP authentication

The module has following directives:

- auth_gss: “on”/”off”, for ease of unsecuring while leaving other
  options in the config file,

- auth_gss_realm: what Kerberos realm name to use, for now only used to
  remove it from full [email protected],

- auth_gss_keytab: absolute path-name to keytab file containing service
  credentials,

- auth_gss_service_name: what service name to use when acquiring
  credentials. (TOFIX: HTTP but should be a list in case of some other
  browsers wanting perhaps khttp or http)

TOFIX: for now they are all merely location specific. i.e. no way to
specify main or per server defaults, except for …

Examples
——–

… current “hardcodeds” ;-}

location /topsecret {
  auth_gss on;
  auth_gss_realm LOCALDOMAIN;
  auth_gss_keytab /etc/krb5.keytab;
  auth_gss_service_name HTTP;
}