WebAuth 3.7.0

WebAuth 3.7.0 is a major new release of WebAuth with improvements to mod_webauthldap and new support for password change and expired passwords in WebLogin. This is the culmination of quite a bit of work, much of it by Jon Robertson and Ian Ward Comfort, over the past three or four months.

This is also the first release of WebAuth that makes nearly full use of the C TAP Harness test suite driver and rra-c-util C portability layer used by other packages. The test suite has been overhauled to work like the test suites in my other packages, and Jon Robertson wrote a new test suite for the WebLogin server. This should make further development much easier.

The largest user-visible changes for the typical installation are to mod_webauthldap. WebAuthLdapAuthRule now puts more useful information in the environment, and there's a new WebAuthLdapPrivgroup directive that can check the user's membership against multiple privgroups and put the list of memberships into an environment variable. These are both helpful for common authorization problems.

The WebLogin server, as mentioned, now correctly supports password expiration, prompting the user to select a new password immediately if their password has expired and then continuing with normal operations. It can also warn the user if their password is going to expire within a configurable time period. Finally, included in the WebLogin suite is now a separate interface for user-initiated password changes, both for the use of the rest of the WebLogin code and so that users can change their passwords near where they authenticate.

The build system has been significantly overhauled and no longer uses apxs to do the compilation and linking of modules. As a result, the module installation path has changed, but the build system is also much cleaner and doesn't require workarounds for packagers the way that it did before. Many of the configure flags have been changed or updated.

This release also has a substantial overhaul in the WebAuth library, making its use of types more consistent and dropping one unnecessary function. As a result, the library SONAME and ABI have changed and any applications built against the WebAuth library will need to be recompiled.

There are also several other, more minor bug fixes and updates, plus some new installation documentation for Stanford users. See the changes summary for more information.

You can get the latest version either from the official distribution site or from the WebAuth distribution page that I maintain.

Posted: 2010-07-08 17:04 — Why no comments?

Last modified and spun 2022-06-12