Development Request: Implementing SPNEGO into nginx

mike mike503 at
Fri Dec 12 23:32:07 EST 2008

First off, I'm sorry if this is a bit off-topic for the list, but I
don't really know where else to post it.

The nginx portion is probably quite easy, I'm thinking understanding
and implementing the SPNEGO/krb/gssapi/etc/etc. stuff will be more

For those who don't know, nginx is a high performance webserver -
quite possibly the highest performing one on the web (depending on the
featureset you're looking for) - I have been using it for a while for
public websites but I would like to use it now for intranet websites
as well. The company I work for uses IWA for transparent SSO and seems
to deprecating NTLM for Kerberos-based SPNEGO (algorithm city) - I'd
want what looks like mod_auth_kerb ported to nginx, and I'd be willing
to pay (as well as possibly drum up some extra funds if needed) - I am
wondering if anyone on this list would be interested or would know
anyone who is interested in this?

I'm thinking all of the work is pretty much done for implementing the
Kerberos stuff, it just needs to be reworked to work with nginx's
authentication mechanism, I'm sure you could take it's auth_basic and
dump in the relevant pieces, alter any Makefiles or anything to
include extra libraries and probably be done.

I have a bid request up on RentACoder but I am thinking the detail
scares away most of the developers on there (seems like a majority are

I would love to have any kind of discussion on this, on or off list
(whatever you feel is appropriate) - I hoped to get the attention of
competent C developers with Kerberos knowledge, since the nginx piece
is probably -very- easy. I don't know C, or I'd attempt it myself.

Please let me know!


More information about the krbdev mailing list