Re: Advise for NTLM-Auth

Max Clements
April 19, 2016 08:02PM
Andreas,

Kerberos and NTLM are two completely different ways of authenticating
a user. Whilst they essentially do the same thing, the main difference
that you care about is that Kerberos works correctly over HTTP, unlike
NTLM which does not.

- which module you may suggest
There are a number of modules that perform Kerberos authentication on
Nginx -- this one, for example:
https://github.com/stnoonan/spnego-http-auth-nginx-module. You should
select one that meets your needs.

- what role play the proxy mentioned here not the first time?
I am using the term generically. Nginx is a proxy to whatever
application you are running behind it - in the sense that you make a
request to Nginx from a client, and Nginx sends it (proxies it) to
your application server - be that a WSGI application or whatever.
That part I don't know - but it also really does not matter as your
problem seems to be pass-through authentication on Nginx?

Now you also need to configure Kerberos and a Keytab file on Nginx for
this all to work. There is a reference on how to configure this with
AD integration here:
https://www.johnthedeveloper.co.uk/single-sign-on-active-directory-php-ubuntu

Ignore the parts on how to configure Apache; the first parts on
configuring Kerberos and NTP are relevant, as well as how to make a
keytab file.

--Max

On Tue, Apr 19, 2016 at 12:29 PM, A. Schulze <sca@andreasschulze.de> wrote:
>
> Max Clements:
>
>> Depending on the versions of Windows and what you are trying to do, it
>> may be possible to use Kerberos via Nginx, rather than NTLM.
>
>
> that's what I mean saying "I don't care if it's named NTLM or ugly_voodoo"
> You name it "Kerberos" - fine.
>
> Now I came up with two questions:
> - which module you may suggest
> - what role play the proxy mentioned here not the first time?
>
> A general problem description and how a proxy (reverse-proxy?) solve it
> would be nice.
>
> Thanks,
> Andreas
>
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx



--
Monday is an awful way to spend 1/7th of your life...
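
The setup described in the message above, sketched as an added example that is not part of the original post or of the module's own documentation: Nginx authenticates the client with Kerberos through the spnego-http-auth-nginx-module and proxies the request to the application, passing on the authenticated user name. The host name, realm, file paths, backend address and the `X-Remote-User` header name are placeholder assumptions.

```nginx
# Added example; every name, path and address below is a placeholder.
server {
    listen 443 ssl;
    server_name intranet.example.com;              # must match the HTTP/ service principal
    ssl_certificate     /etc/nginx/tls/intranet.crt;
    ssl_certificate_key /etc/nginx/tls/intranet.key;

    location / {
        # Kerberos (SPNEGO/Negotiate) authentication at the proxy
        auth_gss on;
        auth_gss_realm EXAMPLE.COM;                # AD domain in upper case
        auth_gss_keytab /etc/nginx/http.keytab;    # keep readable only by the nginx user
        auth_gss_service_name HTTP/intranet.example.com;

        # Without this, clients that cannot do Negotiate are offered Basic auth,
        # which sends the AD password to the proxy on every request.
        auth_gss_allow_basic_fallback off;

        # Tell the application who was authenticated. proxy_set_header replaces
        # any X-Remote-User value the client sent, so it cannot be spoofed
        # through this location.
        proxy_set_header X-Remote-User $remote_user;

        # Do not forward the client's Authorization header to the backend.
        proxy_set_header Authorization "";

        proxy_pass http://127.0.0.1:8000;          # the application behind Nginx
    }
}
```

The backend trusts `X-Remote-User` as given, so it should accept connections only from Nginx (here it listens on loopback).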
