Welcome! Log In Create A New Profile

Advanced

Re: Satisfy directive behaviour

Previous Message Next Message
Forum List Message List New Topic Print View
Sergey Brester
July 01, 2015 10:56AM
Hi,

Look at module "auth_request"
(http://nginx.org/en/docs/http/ngx_http_auth_request_module.html).
Good working solution at the moment is to use auth_request module
together with some external auth-daemon.
You can avoid many problems, e.g. with async/sync handling etc.

Using that I have already successful realized many authentication
methods (inclusively NTLM/Negotiate for windows).
If you have to realize anything doing handshake, you can use a variable
$connection or combination "$connection:$remote_addr:$remote_port" as
identifier for your connect with persistent authentication.

Regards,
sebres.


01.07.2015 15:36, Petra Kamenickova:

> Hi!
>
> I'm working on custom PAM module which could be used as an
> authorization support for authentication modules (e.g.
> ngx_http_auth_spnego_module) and I ran into few problems. I'm not sure
> I fully get the interactions between and within
> phases in nginx. My background is Apache HTTP Server so that might have
> twisted my expectations.
>
> I have noticed that satisfy directive behaves slightly different than
> Apache's satisfy - nginx checks every module in access phase and the
> first successful invocation stops any subsequent checks whereas
> Apache's satisfy checks host based access vs. other access modules. It
> has some implications especially for authentication and authorization
> implications. What would be the best way to make sure that
> authorization phases that need authentication to be run gets that
> authentication executed, even with satisfy any?
>
> The post access phase looks like a good place for authorization but it
> seems custom modules cannot really be added to this phase. So... is it
> possible to add somehow my module handler into post access phase
> without changing the core module? Or is there any way how to keep my
> module in access phase but skip the satisfy check for that module?
>
> I would be grateful for any help!
>
> --
> Petra Kamenickova
>
> _______________________________________________
> nginx-devel mailing list
> nginx-devel@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel [1]


Links:
------
[1] http://mailman.nginx.org/mailman/listinfo/nginx-devel

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Reply Quote
RSS
Subject Author Views Posted

Satisfy directive behaviour

Petra Kamenickova 738 July 01, 2015 09:38AM

Re: Satisfy directive behaviour

Sergey Brester 436 July 01, 2015 10:56AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 165
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready