1

I'm currently using nginx as a load balancer for a Tomcat app that's located on two different servers. That app uses NTLM for authentication and nginx is working perfectly fine (valid users are automatically logged in when calling the nginx address).

Now I'd like to do the same for an app that is using Kerberos for Windows authentication. I'm testing nginx with the same configuration (different app/IPs of course), but the login does not work. I should be logged in automatically with Kerberos, but instead a username and password of the server nginx is running on is requested, saying:

"Authentication required"

What do I need to change in my nginx configuration? Or is this not a config issue?

        worker_processes  1;
        events {
            worker_connections  1024;
        }


        http {
            include       mime.types;
            default_type  application/octet-stream;

            proxy_cache_path /Temp/NGINX_cache/ keys_zone=backcache:10m;

            sendfile        on;
            keepalive_timeout  65;


            upstream myapp {

                hash $remote_addr consistent;

                # List of myapp application servers
                server 10.54.76.7:8080;
                server 10.54.73.8:8080;


            }



            server {
                listen       80;
                server_name  localhost;



                location /myapp/ {
                    proxy_pass http://myapp;
                    proxy_set_header Host            $host;
                    proxy_set_header X-Forwarded-For $remote_addr;

                }


                # Return a temporary redirect to the /myapp/ directory
                # when user requests '/'
                location = / {
                    return 302 /myapp/;
                }



                # redirect server error pages to the static page /50x.html

                error_page   500 502 503 504  /50x.html;
                location = /50x.html {
                    root   html;
                }



                proxy_read_timeout 900s;
                client_max_body_size 5000M;
            }
        }

Kind Regards

Alex

alexmm

1 Answer

2

Your Nginx install needs to have been built with the auth_pam module, which is not part of the standard build.

If running nginx -V 2>&1 | grep -o auth-pam returns something, then you are in luck; otherwise you'll have to rebuild and add the module yourself.

miknik
  • Many thanks! I probably should've mentioned that I'm using nginx on a windows system. I originally thought that I only need that additional module if I'm using authentication on the nginx level instead of the webapp itself. – alexmm Jul 06 '18 at 06:39
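
A diagnostic for the situation in the question, added here as an example and not part of the original posts: it classifies the value of an `Authorization` or `WWW-Authenticate` header captured on the proxied request, so you can see whether the client is offering a Kerberos ticket or an NTLM message when the prompt appears. The function name `classify_auth_header` and the two sample headers are assumptions constructed for illustration; the samples are not valid full tokens.

```python
import base64

# NTLMSSP message signature and DER-encoded GSS-API mechanism OIDs.
NTLMSSP = b"NTLMSSP\x00"
NTLM_TYPES = {1: "negotiate", 2: "challenge", 3: "authenticate"}
MECH_OIDS = {
    bytes.fromhex("06092a864886f712010202"): "kerberos",   # 1.2.840.113554.1.2.2
    bytes.fromhex("06092a864882f712010202"): "kerberos",   # 1.2.840.48018.1.2.2 (MS)
    bytes.fromhex("060a2b06010401823702020a"): "ntlm",     # 1.3.6.1.4.1.311.2.2.10
}

def classify_auth_header(value):
    """Return (scheme, mechanism) for an Authorization/WWW-Authenticate value."""
    parts = value.strip().split(None, 1)
    if not parts:
        return ("none", "empty")
    scheme = parts[0].lower()
    if scheme not in ("negotiate", "ntlm"):
        return (scheme, "not-windows-auth")
    if len(parts) == 1:
        return (scheme, "offer-only")          # server offer without a token
    try:
        token = base64.b64decode(parts[1].strip(), validate=True)
    except ValueError:
        return (scheme, "malformed")
    if token.startswith(NTLMSSP):              # raw NTLM, also seen under "Negotiate"
        msg_type = int.from_bytes(token[8:12], "little")
        return (scheme, "ntlm-" + NTLM_TYPES.get(msg_type, "unknown"))
    if token[:1] == b"\x60":                   # GSS-API / SPNEGO initial token
        # The mechanism OID that appears first is the client's preferred one.
        hits = [(token.find(oid), name) for oid, name in MECH_OIDS.items() if oid in token]
        return (scheme, "spnego-" + min(hits)[1]) if hits else (scheme, "spnego-other")
    return (scheme, "unknown")

# Constructed sample headers (structure only, not real tickets or credentials).
SAMPLE_NTLM = "Negotiate " + base64.b64encode(
    NTLMSSP + (1).to_bytes(4, "little") + bytes(20)).decode()
SAMPLE_KRB = "Negotiate " + base64.b64encode(
    b"\x60\x28" + b"".join(MECH_OIDS)).decode()

if __name__ == "__main__":
    for header in (SAMPLE_NTLM, SAMPLE_KRB, "Negotiate", 'Basic realm="x"'):
        print(classify_auth_header(header))
```

Comparing the result for a request sent directly to a backend with one sent through the nginx address shows whether the client's choice of mechanism changes once the proxy host name is in the URL.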