WebAuth 3.5.4 released

Russ Allbery eagle at windlord.stanford.edu
Tue Apr 24 15:14:39 PDT 2007


The ITS WebAuth team is pleased to announce Stanford WebAuth 3.5.4.  This
release fixes mod_webauthldap configuration parsing, adds various minor
feature enhancements, and improves presentation of Shibboleth IdP
authentication.

For documentation and downloads of WebAuth 3.5.4, see:

    <http://webauth.stanford.edu/> 

We have not yet updated the Red Hat and Solaris builds.

The user-visible changes in this release are:

 *) Add a configuration option to WebLogin to attempt to decode return
    URLs pointing to a Shibboleth IdP and display on the confirmation page
    the final destination instead of the intermediate IdP.

 *) For pages that the browser should reload each time (WebAuthDoLogout or
    WebAuthDontCache), also always set the content modification time to
    now.  Otherwise, the browser may check the last modification time on
    the page and then serve its cached copy, ignoring any new Cookie
    headers from the server (such as cookie clearing from a logout page).

 *) For WebAuthDoLogout, WebAuthDontCache, and all WebLogin pages, set
    Cache-Control: no-store as well as no-cache.  no-store wasn't really
    intended for this purpose but preventing the browser from keeping a
    local copy is more likely to force the behavior we want.  (This is
    probably not necessary given the above change, but shouldn't hurt.)

 *) Properly merge configuration settings in mod_webauthldap.  This will
    correct problems with WebAuthLdapAuthrule, WebAuthLdapFilter, and
    WebAuthLdapPort configuration options not being honored inside virtual
    hosts.  Thanks to Wadud Miah for the bug report.

 *) Refresh the REMOTE_USER configuration cookie on each WebLogin page
    visit so that it won't expire if the user is using WebLogin
    regularly.

 *) Document the cookies used by the WebLogin service.

 *) Read ticket defaults from krb5.conf properly when built with Heimdal.

 *) Fix configure logic and Kerberos library analysis on systems with
    multiple versions of Kerberos installed.

If you have any problems or questions, please send mail to the
webauth-info mailing list or (for Stanford users) file a HelpSU ticket.

-- 
Russ Allbery <eagle at windlord.stanford.edu>
Technical Lead, ITS Unix Systems and Applications, Stanford University
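
A header check for the two caching changes described in the release notes above, as an added example that is not part of the original announcement or of the WebAuth code. The sample responses, the cookie name, and the 5-second tolerance are constructed assumptions.

```python
from datetime import timedelta
from email.utils import parsedate_to_datetime

# Constructed sample responses for a logout page (not captured from a real server).
STALE = ("HTTP/1.1 200 OK\r\n"
         "Date: Tue, 24 Apr 2007 22:14:39 GMT\r\n"
         "Last-Modified: Mon, 02 Apr 2007 10:00:00 GMT\r\n"
         "Cache-Control: no-cache\r\n"
         "Set-Cookie: example_cookie=; path=/\r\n\r\n")
FIXED = ("HTTP/1.1 200 OK\r\n"
         "Date: Tue, 24 Apr 2007 22:14:39 GMT\r\n"
         "Last-Modified: Tue, 24 Apr 2007 22:14:39 GMT\r\n"
         "Cache-Control: no-cache, no-store\r\n"
         "Set-Cookie: example_cookie=; path=/\r\n\r\n")


def parse_headers(raw):
    """Return the header block as a dict with lower-cased names (status line skipped)."""
    headers = {}
    for line in raw.splitlines()[1:]:
        if not line:
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def audit_no_cache_page(raw, max_skew=timedelta(seconds=5)):
    """List the ways a response falls short of the caching behaviour in the notes."""
    h = parse_headers(raw)
    findings = []
    directives = {d.strip().lower() for d in h.get("cache-control", "").split(",")}
    for needed in ("no-cache", "no-store"):
        if needed not in directives:
            findings.append(f"Cache-Control lacks {needed}")
    # An old Last-Modified lets the browser decide its cached copy is still current
    # and ignore new cookie headers; the release sets the modification time to now.
    if "last-modified" in h and "date" in h:
        skew = parsedate_to_datetime(h["date"]) - parsedate_to_datetime(h["last-modified"])
        if abs(skew) > max_skew:
            findings.append(f"Last-Modified differs from Date by {skew}")
    return findings


if __name__ == "__main__":
    for label, raw in (("stale", STALE), ("fixed", FIXED)):
        print(label, audit_no_cache_page(raw) or "ok")
```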


