Nginx SPNEGO HTTP Authentication Module
June 3, 2011 by admin · Leave a Comment
Nginx SPNEGO HTTP Authentication Module:
Nginx module to use SPNEGO+GSSAPI+Kerberos for HTTP authentication
The module has following directives:
- auth_gss: “on”/”off”, for ease of unsecuring while leaving other
options in the config file,
- auth_gss_realm: what Kerberos realm name to use, for now only used to
remove it from full [email protected],
- auth_gss_keytab: absolute path-name to keytab file containing service
credentials,
- auth_gss_service_name: what service name to use when acquiring
credentials. (TOFIX: HTTP but should be a list in case of some other
browsers wanting perhaps khttp or http)
TOFIX: for now they are all merely location specific. i.e. no way to
specify main or per server defaults, except for …
Examples
——–
… current “hardcodeds” ;-}
location /topsecret {
auth_gss on;
auth_gss_realm LOCALDOMAIN;
auth_gss_keytab /etc/krb5.keytab;
auth_gss_service_name HTTP;
}