WebAuth 3.7.4

The initial goal of this release was to get some bug fixes out the door so that we could use the release as the basis for upcoming multifactor authentication work. But I'd promised to look at a few other things "for the next release," so there was more in here than I was expecting.

The major new feature is support for optional authentication (also known as "lazy sessions" or "passive authentication." This allows one to designate some web pages as optionally authenticated. If an authentication cookie exists, WebAuth will put the authenticated identity in the environment as normal. If the user is not already authenticated, WebAuth will do nothing and still allow access. The authentication status can then be checked by dynamic content and the user offered a login link if they desire.

Also in this release is a workaround for an MIT Kerberos client library bug in the password change code in WebLogin, a compatibility fix with new versions of libwww-perl around certificate verification in WebLogin, compilation fixes with Solaris 10 and Red Hat Enterprise 5, and other, more minor bug fixes.

You can get the latest version from the official WebAuth pages or from my WebAuth distribution page.

Posted: 2011-05-11 16:01 — Why no comments?

Last spun 2013-07-01 from thread modified 2013-01-04