WebAuth 3.7.2 Announcement
The ITS WebAuth team is pleased to announce Stanford WebAuth 3.7.2. This release fixes a serious bug in option parsing in wa_keyring that made the utility unusable. It also fixes some portability problems and improves WebLogin handling of expired or disabled accounts.
For documentation and downloads of WebAuth 3.7.2, see:
New Debian packages have been uploaded to Debian experimental. The wa_keyring bug has been fixed in a separate upload to unstable and is targetted for the squeeze release. Updated versions with the wa_keyring fix will be uploaded to backports.org once WebAuth 3.7.2 migrates to Debian testing.
New Red Hat packages will be coming soon.
The user-visible changes in this release are:
Fix wa_keyring option parsing problems introduced in 3.7.0. Correctly count arguments so that commands are recognized correctly and do not require -- before commands with negative time offsets, like "gc -90d".
Fix uninitialized variable that caused wa_keyring to randomly default to verbose mode for list.
mod_webkdc now returns a user rejected error instead of a generic Kerberos error for attempted authentications to expired accounts or accounts set to disallow authentication, allowing WebLogin to display a rejected user error message rather than a generic failure message.
Add portability code for old MIT Kerberos and Heimdal libraries without krb5_get_init_creds_opt_free.
Fix build problems with with Perl module (only built when the WebKDC is enabled) on platforms where all shared libraries need to be linked with explicitly.