I currently work in an enterprise environment. As usual, that means I must develop my web applications next to a primarily Windows based environment (i.e. LDAP / Active Directory). The present form of SSO (single sign-on) that is used here is a mix of Kerberos and NTLM authentication, with Kerberos being the preferred method.

How do I get this to work with Linux?

No matter what language you use (php, node.js, ruby, etc), you will likely face having to implement a form of LDAP authentication into a Windows Active Directory environment at least once in your lifetime. In addition, you will find the expectation for automatic authentication.

A practical example

To achieve this in a php/nginx environment I recommend a mixture of the php-ldap extension and the spnego-http-auth-nginx-module. In my particular use case, I have modified the nginx module to accept all sessions including failed Kerberos attempts. That way any problem with that module will gracefully fall back to cookie/token based sessions within the web application (in this case php).