Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

Set header based on workgroup/privgroup

Russ Allbery eagle at windlord.stanford.edu
Thu Jan 31 23:09:29 PST 2013


Fletcher Cocquyt <fcocquyt at stanford.edu> writes:

> Thanks Russ, works as advertised and tested by DEV team.

> Now we are faced with upgrading prod webauth from 3.6.2 in prod to use
> this directive.

> What version would you recommend to minimize issues?

4.4.1 (just released) is the same as 4.4.0 for mod_webauth and got a
pretty good round of testing, but it's not yet that widely deployed.  It
would probably be fine, but if you want to be extra-safe, the
www.stanford.edu servers are running 4.3.2.  (4.3.3 is the same as 4.3.2
but with some additional bug fixes for WebLogin code.)  Either would get
you multifactor support and Apache 2.4 support.

If now is a bad time to do a major upgrade, 3.7.3 was quite stable and was
rather close to what you're running.  (3.7.4 wasn't used for as long, but
should also be fine and adds WebAuthOptional.)

-- 
Russ Allbery <eagle at windlord.stanford.edu>
Technical Lead, ITS Infrastructure Delivery Group, Stanford University


More information about the webauth-info mailing list