Accepted webauth 4.5.0-1 (source i386 all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 26 Apr 2013 15:21:08 -0700
Source: webauth
Binary: libapache2-mod-webauth libapache2-mod-webkdc libapache2-webauth libapache2-webkdc libwebauth-perl libwebauth10 libwebauth-dev libwebkdc-perl webauth-tests webauth-utils webauth-weblogin
Architecture: source i386 all
Version: 4.5.0-1
Distribution: experimental
Urgency: low
Maintainer: Russ Allbery <rra@debian.org>
Changed-By: Russ Allbery <rra@debian.org>
Description:
libapache2-mod-webauth - Apache modules for WebAuth authentication
libapache2-mod-webkdc - Apache modules for a WebAuth authentication KDC
libapache2-webauth - Transitional package for WebAuth Apache modules
libapache2-webkdc - Transitional package for WebAuth authentication KDC
libwebauth-dev - Development files for WebAuth authentication
libwebauth-perl - Perl library for WebAuth authentication
libwebauth10 - Shared libraries for WebAuth authentication
libwebkdc-perl - Perl libraries for WebAuth central login server
webauth-tests - Tests for the WebAuth authentication modules
webauth-utils - Command-line utilities for WebAuth authentication
webauth-weblogin - Central login server for WebAuth authentication
Closes: 705557
Changes:
webauth (4.5.0-1) experimental; urgency=low
.
* New upstream release.
- WebLogin now supports indicating, on the login form template,
whether to create single sign-on cookies. The default form sends a
parameter saying to do so, but the default behavior is to not create
the cookies. This will require a template change for most WebLogin
deployments.
- Revert change in WebAuthForceLogin interpretation introduced in
WebAuth 4.4.0. It once again requires authentication with a login
token. Document that it will not work well with authorization
identities set after authentication.
- Fix password change handling in WebLogin, broken since 4.4.0.
- Fix reporting of password rejection reasons, broken since 4.3.0.
- mod_webauth and mod_webkdc now produce much better error logs.
- Initial multifactor no longer satisfies a requirement for random
session multifactor, correcting a long-standing bug.
- New WebAuthLdapOperationalAttribute directive for mod_webauthldap
that allows inclusion of operational attributes in the environment.
- WebLogin no longer supports obtaining the password expiration from a
kadmin-remctl backend via a direct remctl call. Instead, it uses
the value from the WebKDC, which comes from the user information
service.
- The WebLogin confirmation page supports a new expire_timestamp
variable, which contains the password expiration in seconds since
UNIX epoch. This should be used instead of the (deprecated)
expire_date variable since it isn't preformatted and can therefore
be localized. See the sample confirm.tmpl template for how to
format the date for display.
- New support for persistent cookies containing additional factors,
controlled by the user information service.
- The WebKDC now passes the user's current factors to the user
information service as an additional parameter to the userinfo
call, which can be used to change behavior based on whether the user
has persistent factors set.
- The user information service can now return a specific set of
required factors instead of just indicating multifactor is required.
- The user information service can return a message for display in
the multifactor authentication page in WebLogin (and that has been
added to the default templates).
- The user information service can, in both the userinfo and validate
calls, return an opaque data structure to WebLogin, and WebLogin can
send an opaque data structre back in the validate call. This allows
for multistep multifactor interactions outside of WebAuth's
knowledge, such as resynchronization of hardware tokens.
- The user information service can add factors to a user's successful
interactive authentication.
- WebLogin and the multifactor page template now receive a list of the
factors a user needs but doesn't yet have, instead of just a
complete list of the desired factors.
- WebLogin can now tell the WebKDC and, in turn, the user information
service what type of OTP authentication was used, if it knows.
- The user information service can indicate the expiration time of
factors resulting from an OTP authentication.
- Errors in contacting the user information service are now logged
even if the WebKDC is configured to ignore those errors.
- Multiple changes to the libwebauth API, most notably revisions to
the webkdc_login and userinfo APIs and a new opaque factors data
type.
- mod_webkdc no longer supports obtaining proxy tokens via a
<getTokenRequest> call. This was never used and is conceptually
useless.
- undef arguments to Perl XS functions are now properly diagnosed.
* Fix some incorrect URLs in the webauth-tests package that were left
over from the test suite rewrite.
* Use an uppercase realm name in the token.acl example in README.Debian
for libapache2-mod-webkdc. Nearly all Kerberos realms will be
uppercase and the realm is case-sensitive. Thanks to Lisandro Damián
Nicanor Pérez Meyer for the report. (Closes: #705557)
Checksums-Sha1:
4ce80809b249e5d23d7c67236ce101c204752bff 2751 webauth_4.5.0-1.dsc
f6c8a03d7659dee240b43c728a99603fe70cd627 860500 webauth_4.5.0.orig.tar.xz
00f04b95ec9a6abdb3ff95b8454f05c84863f3dc 26560 webauth_4.5.0-1.debian.tar.xz
d737ae4ae9a93645aeaffdd5fe502c3ed8d835f5 241190 libapache2-mod-webauth_4.5.0-1_i386.deb
4425cf3a08eafc2c638531854485af2b278eeb33 106178 libapache2-mod-webkdc_4.5.0-1_i386.deb
68a1121cc567a9175ec72ce0f97234c8e467a819 47878 libapache2-webauth_4.5.0-1_all.deb
66f8d31f3137be56da3c1c541581b463a4a118dd 47262 libapache2-webkdc_4.5.0-1_all.deb
4cea6418af0a0ff01ba0e4deedd413227377be4b 141824 libwebauth-perl_4.5.0-1_i386.deb
734fe95d2c7a926b1a1870799240ad7a68ceb719 81864 libwebauth10_4.5.0-1_i386.deb
cd1d2f8368e8469e828d547d288b4414a977492e 96844 libwebauth-dev_4.5.0-1_i386.deb
c01750a07dc6d328ad13e905311bc81a20e8763d 114896 libwebkdc-perl_4.5.0-1_all.deb
e56347de13e514e9074a79e40d0c78ab2626d659 58090 webauth-tests_4.5.0-1_all.deb
e46e857b7c3a8d502252c6e4fd16d7637eae7ccc 56434 webauth-utils_4.5.0-1_i386.deb
1129610af403f2c19b108e924cd86c31c6e84ba4 115676 webauth-weblogin_4.5.0-1_all.deb
Checksums-Sha256:
750959bd8ced5d1c59f03bc7a6f0fce00671d840a19c0e04dea60e8ccd9c93b9 2751 webauth_4.5.0-1.dsc
e7a247807ea0e6a99b348ddbbe1ed8bfb65346ff6545fbc458e7163fd532d1e8 860500 webauth_4.5.0.orig.tar.xz
5a532b1fd7dafeda3bbb265da3469352696f052d071206ffb618c3cac76601da 26560 webauth_4.5.0-1.debian.tar.xz
b8df1fb4b5c97174ecb32725dd77e4bf02246fd14a35735ac4336096f3f06756 241190 libapache2-mod-webauth_4.5.0-1_i386.deb
84c14f60a6e7343cf2282c6c3ab379a5c0e3301944cb34f88e27b6aec607b79c 106178 libapache2-mod-webkdc_4.5.0-1_i386.deb
635ebdf4f3f977bf84940d7987cd27500a35f936b73b0347609a23139cda7dbe 47878 libapache2-webauth_4.5.0-1_all.deb
6b2a62658a02a60b25f71edca98d64cb790a59358cb252118bba4c8ade764d15 47262 libapache2-webkdc_4.5.0-1_all.deb
2286286c29e023e3fbae41aedd06a2accf927fc3f9c5bfb04dc2f264ba906218 141824 libwebauth-perl_4.5.0-1_i386.deb
8230dac161fbe6471d89981e9ff12dede2f25e8c2942a307c7bc8be1c4d1d632 81864 libwebauth10_4.5.0-1_i386.deb
cac00e0a017339bc4ff53a7186fcf8d1dcd87d2a798dddd53114a8f7093fc935 96844 libwebauth-dev_4.5.0-1_i386.deb
7883bb9b397e471f1d35c014c9ae04e5fc79d78efb9b64330e1173ea5defcac5 114896 libwebkdc-perl_4.5.0-1_all.deb
a00e473a5ed2f560360327f0db617414ee5d3c8f98207704ca9c6056c857be34 58090 webauth-tests_4.5.0-1_all.deb
a5b1dc6564850ad6e54b1e3b196c673634500a7d967d297cb18e301f508020ad 56434 webauth-utils_4.5.0-1_i386.deb
80036679189d8dafa779cac2785638c8633a036c9747c879b172a89728572f34 115676 webauth-weblogin_4.5.0-1_all.deb
Files:
d60a46c4198bd44fc87248f44ab1d17b 2751 web optional webauth_4.5.0-1.dsc
f9dd23195525f8b91219040e06754c68 860500 web optional webauth_4.5.0.orig.tar.xz
1b1bed4aada80363da34fd970d37f6af 26560 web optional webauth_4.5.0-1.debian.tar.xz
79a114cad20185a022a3e68476c10af9 241190 httpd optional libapache2-mod-webauth_4.5.0-1_i386.deb
68cf6d9e74d52788a5182906795eeba5 106178 httpd optional libapache2-mod-webkdc_4.5.0-1_i386.deb
8e2af837f5150b210621c1dbd75e7818 47878 oldlibs extra libapache2-webauth_4.5.0-1_all.deb
d821da562b4d8dad8a9dd6a1bced4457 47262 oldlibs extra libapache2-webkdc_4.5.0-1_all.deb
c3adad3053a1c37718392886c2c1c6c1 141824 perl optional libwebauth-perl_4.5.0-1_i386.deb
6e408b0fe1f6e368e8730e4642d1c933 81864 libs optional libwebauth10_4.5.0-1_i386.deb
648d69c3b7f6ccdcfe13fee3b58881b2 96844 libdevel extra libwebauth-dev_4.5.0-1_i386.deb
b0b709889dab1cfed25bd3afbfc6dca2 114896 perl optional libwebkdc-perl_4.5.0-1_all.deb
8ea77dd374eb1c30ef42e5591da7baa7 58090 web optional webauth-tests_4.5.0-1_all.deb
a97442088f6b465d341618aba8899904 56434 web optional webauth-utils_4.5.0-1_i386.deb
192796048d9d1ad8dbece6acacb308b3 115676 web optional webauth-weblogin_4.5.0-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQEcBAEBCAAGBQJRewXHAAoJEH2AMVxXNt51sKIH/iZYrN2RNJ0HrOzaxJRWZh4z
lYZyxvklMF8IhpUU48IYZ0+seYcvW+jftRh9HBMLFnuFbKNCdKCBpnvq9z0U84ca
9l3j0gTTVK21EDkTJANtO6PR07n5CNODso+U1Ii9cmhwnCkHnDO5bepgzd2EBmHx
uRrIgHyKH4sSS4tdzsau19YPMxRVRVwF1XI7Dxkmhvs0DbXmAwlX/o585JQiqfqa
IcWe2v6hpfqRsh5TT4olVnToyAkcrrTP0PY4tqoDwa7E0toXbbFG/5ImmgSLc5tz
fOguroaKUkx6OsU2SRDU6hooa1thUH96ma20mr4a1sDxhqKbehot2tO3DAQ837E=
=fQCZ
-----END PGP SIGNATURE-----
Reply to: