There is this Github-Porject which enables NTLM-Support for NGINX-Without the need for NGINX+.
Is it possible to integrate this or even make it default in an upcoming opnSense-Firware/Plugin-Update?
https://github.com/gabihodoroaga/nginx-ntlm-module
https://hodo.dev/posts/post-18-nginx-ntlm-module/
Thx in advance...
Someone here states that using a Stream-Proxy would also make NTLM possible.
https://serverfault.com/a/757612
Is this something we can consider to get NTLM for Publishing usable?
What are the cons of Stream-Server vs normal Server in NGINX?
QuoteIs this something we can consider to get NTLM for Publishing usable?
yes. but there is no L7 stuff. all works on L3/4
QuoteWhat are the cons of Stream-Server vs normal Server in NGINX?
hm. streams should be faster imho
Quote from: Fright on October 27, 2022, 08:21:02 PM
QuoteIs this something we can consider to get NTLM for Publishing usable?
yes. but there is no L7 stuff. all works on L3/4
QuoteWhat are the cons of Stream-Server vs normal Server in NGINX?
hm. streams should be faster imho
But less secure I guess?
QuoteBut less secure I guess?
in terms of application layer control - yes.
but ntlm via http proxy is a bit tricky itself imho and has drawbacks. for example, a little misconfig or error can lead to session mixing (like https://github.com/haproxy/haproxy/issues/581)
in my opinion there is no definitive answer here (depends on specific requirements)
So back to Question if it makes sense and might be possible to integrate https://github.com/gabihodoroaga/nginx-ntlm-module in nginx-opnsense-plugin...
seriously doubt it will
perhaps NGINX devs will decide to allow ntlm in the open source version sometime?
maybe ask them?