"Fossies" - the Fresh Open Source Software Archive 
As a special service "Fossies" has tried to format the requested text file into HTML format (style:
standard) with prefixed line numbers.
Alternatively you can here
view or
download the uninterpreted source code file.
1 3.4 - Added apache_1.3.28+.diff to support patching newer versions
2 of Apache.
3
4
5 3.3 - Additional internal debugging and minor updates.
6
7
8 3.2 - Updated for newer versions of Apache (currently tested up to
9 apache 1.3.20).
10
11 - Support for DCE 3.1 under Solaris 7/8.
12
13 - A request for a directory without a trailing slash, in the case
14 where the directory was searchable, not readable, and contained a
15 readable index file, incorrectly required authentication rather
16 than redirecting. We think some change in Apache caused this
17 behavior, as it used to work correctly. In any case, a change
18 was made to fix the problem.
19
20 - A more efficient check for normal vs. proxy authentication was
21 added. Thanks to James Flemer <jflemer@zoo.uvm.edu> for patch.
22
23 - Minor changes to avoid compiler warnings.
24
25
26 3.1 - The sec_login_context_from_pag call was not available under
27 AIX. According to IBM Technical Support, this call should now be
28 available with the latest PTF set for AIX DCE. Contact IBM
29 Technical Support for further details. Thanks to Sue Butala
30 at Transarc technical support for her help with this issue and
31 many others.
32
33 - It seems that macros with a variable number of arguments are a
34 gcc extension, and other compilers generate errors processing
35 them. Those macros have been modified so that warnings will occur
36 rather than errors when using a compiler other than gcc.
37 Generating debugging output, which relies on variable-argument
38 macros, is only supported when using gcc. If you are unable to use
39 gcc, I suggest you request that your compiler vendor implement
40 these useful preprocessor extensions.
41
42 - Fixed sec_login_context_from_pag typo. Thanks to Titus J. Anderson
43 <titus.anderson@louisville.edu> for pointing it out.
44
45 - Misuse of the apache check_access API stage broke the Satisfy
46 directive, and possibly other IP access control mechanisms.
47 Updated API usage to resolve these issues. Thanks to Ken Hagan
48 <khhaga01@louisville.edu> for reporting this problem.
49
50 - The sec_login_inq_pag call seems to return invalid data when the
51 DFS client is not installed and configured. Added a compile-time
52 directive to determine whether DFS support is available, and
53 implemented a replacement mechanism for obtaining the pag when it
54 is not. Thanks to Joel W. Murphy <jmurphy@cnu.acsu.buffalo.edu>
55 for reporting this problem.
56
57
58 3.0 - Implemented new shared memory context cache, with the following
59 new configuration directives: AuthDCECacheBuckets,
60 AuthDCECacheLifetime, AuthDCECacheMaxIdle, AuthDCECacheGracePeriod,
61 AuthDCECacheSweepInterval. Caching is only supported on Solaris
62 in this release.
63
64 - Added new directive AuthDCECertifyIdentify.
65
66 - Renamed following directives: DCEUser to AuthDCEUser, DCEKeytab to
67 AuthDCEKeytab, DCEAuthAuthoritative to AuthDCEAuthoritative,
68 DCEBrowserCreds to AuthDCEImpersonateBrowser, AuthDFS to
69 AuthDCEDFSAuthorization, DCEIncludePW to AuthDCEIncludePW,
70 DCEDirectoryIndex to AuthDCEDirectoryIndex.
71
72 - Modified server credential support to generate and maintain
73 credentials in parent process rather than per child process.
74
75 - Updated sample httpd.conf to match current Cal Poly Pomona
76 Intranet configuration.
77
78 - Much thanks to Craig Rich for his invaluable assistance
79 developing this version.
80
81
82 2.5 - Updated logging code to use 1.3 API.
83
84 - Updated configuration to utilize 1.3 auto-configure capabilities.
85
86 - Updated patch for Apache 1.3.9.
87
88
89 2.2 - Updated module to correctly handle proxy authentication. Thanks to
90 Thomas R. Stevenson <aa0026@wayne.edu> for pointing out the problem.
91
92 - Included the httpd.conf file used in production in the Cal Poly
93 Pomona Intranet as an example configuration file.
94
95
96 2.1 - Fixed typos in Configuration file for AIX systems. Thanks to
97 Mike Burns <burns@cac.psu.edu> and Bas van der Vlies <basv@sara.nl>
98 for pointing out the problems.
99
100 - Cast parameter types to match function prototypes for various calls.
101 Thanks again to Mike and Bas.
102
103 - Restore server credentials after serving a request using browser
104 credentials. Thanks once more to Mike for catching this oversight.
105
106
107 2.0 - Updated patches for Apache 1.3.3. Note that logging still uses the
108 older Apache logging API, which results in somewhat confusing logs.
109 Hopefully the next release will update the logging code.
110
111 - Added two new directives, DCEUser and DCEKeytab, that allow the
112 server to run authenticated as a DCE principal.
113
114 - Added a new directive, DCEBrowserCreds, that controls whether or not
115 the credentials of the authenticated browser are attached to the
116 server process while satisfying the request.
117
118 - Added a new directive, DCEAuthAuthoritative, that controls whether
119 mod_auth_dce is authoritative or allows other modules to try
120 authentication when DCE fails.
121
122 - Minor changes to internal context caching mechanism. Child processes
123 now clear their context caches on exit to prevent credential pile-up.
124
125 - Group checking now uses default registry handle rather than creating
126 an explicit binding.
127
128 - Removed -I/usr/include/dce from CFLAGS. This directive caused the
129 wrong assert.h header to be included.
130
131 - Modify require line parsing to use ap_getword_white() to match new
132 behavior of other authentication modules in 1.3.3.
133
134 - Removed the README.BUGS file and test subdirectory.
135
136
137 1.5 - Updated for Apache 1.3.x, will no longer work with earlier versions
138 of Apache. Sorry for the delayed release.
139
140 - DCEDirectoryIndex configuration directive must now be placed within
141 a <Directory></Directory> section to be properly handled by Apache.
142
143
144 1.3 - Added DCEIncludePW configuration directive, which enables passing
145 browser passwords to CGIs. Previous versions of mod_auth_dce
146 always passed the browser password to a CGI, which on a machine that
147 allowed interactive logins could potentially expose browser passwords
148 to users via the ps command. Thanks to Mark Plaksin
149 <happy@arches.uga.edu> for pointing out this problem.
150
151 - Revised advice about symlink checking. Previously, it was recommended
152 that symlinks be allowed in general. However, if your web server
153 publishes user files, a user can use a symlink to potentially read
154 other users DCE credential files. Therefore, the current
155 recommendation is to either disable symlinks, or only allow symlinks
156 if the owner matches.
157
158 - Removed patches for Apache 1.1.3, 1.2.0, and Stronghold 1.3.4.
159 Added patches for Apache 1.2.4 and Apache 1.2.4+ssl_1.9. Versions
160 of Apache older than 1.2.4 are no longer supported. No version of
161 Stronghold is currently supported, mainly due to their decision to
162 incorporate IP address based licensing restrictions and not
163 distribute full source code without a non-disclosure agreement.
164
165 - Added support for credential caching under AIX. Thanks to Klaus
166 Gottschalk <ox01@saturn.rz.uni-karlsruhe.de> for the implementation
167 details of afs_syscall under AIX, and to Mark Plaksin for providing
168 access to an AIX environment to test them.
169
170
171 1.2 - Added support for Apache 1.2.0 and included a patch file for that
172 version.
173
174 - Added ability to use web server configuration for authorization.
175 Sites without DFS ACLs can now use DCE for authentication, while
176 relying on require directives for authorization. Added new
177 configuration directive, AuthDFS, to allow both web server based
178 and DFS ACL based authorization.
179
180
181 1.0 - Patch for Apache 1.1.3 appeared to be for a nonexistant version 1.3.2,
182 renamed patch and updated README.PATCHES.
183
184 - Added patch for mod_userdir, which was using the r->finfo structure
185 for a local stat. Added a local stat structure so the module would
186 not contaminate the request structure, which was having side effects
187 on mod_auth_dce.
188
189 - Added new configuration command, DCEDirectoryIndex, to fix problem
190 where authentication was being requested for a world-readable index
191 file in a non-world-readable directory.
192
193
194 0.9 - First publicly released version
195
196 - Thanks to Steve Moyer <moyer@transarc.com>, for invaluable technical
197 support and advice on DFS issues, Doug MacEachern <dougm@osf.org> for
198 help with context caching implementation, and Craig Rich
199 <carich@csupomona.edu> for inspiration.