WebAuth 4.0.1 Announcement
The ITS WebAuth team is pleased to announce Stanford WebAuth 4.0.1. This is a bug-fix release for the new functionality in WebAuth 4.0.0. It is the version that we expect to deploy in production, but that deployment has not yet happened.
For documentation and downloads of WebAuth 4.0.1, see:
New Debian packages have been uploaded to Debian unstable. New Red Hat packages will be coming later.
The user-visible changes in this release are:
The protocol for getting suspicious login information from the user information service and conveying that information to WebLogin has changed to use the IP address as the content of the tag and move the hostname to an attribute, since the hostname is optional and may not be available.
If the user information service returns suspicious logins, WebLogin now forces a confirmation page and displays those logins. Full use of this functionality will require an update to the local confirm template to add the suspicious login display if the corresponding template variable is set.
Log the return URL of authentication requests to the WebKDC.
Fix a memory leak in token decoding.
Properly initialize the creation time of the error token returned to the WAS when a login is canceled.
Reduce the log level of the mod_webauth logging when retrieving credentials from the WebKDC. The full XML exchange is now only logged when debug logging is enabled.
Update to rra-c-util 3.9:
- Use an atexit handler to clean up after Kerberos tests.