"Fossies" - the Fresh Open Source Software Archive

Member "mod_auth_dce-3.4/CHANGES" (10 Aug 2006, 8698 Bytes) of package /linux/www/apache_httpd_modules/old/mod_auth_dce-3.4.tar.gz:

As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file.

    1 3.4 - Added apache_1.3.28+.diff to support patching newer versions
    2       of Apache.
    5 3.3 - Additional internal debugging and minor updates.
    8 3.2 - Updated for newer versions of Apache (currently tested up to
    9       apache 1.3.20).
   11     - Support for DCE 3.1 under Solaris 7/8.
   13     - A request for a directory without a trailing slash, in the case
   14       where the directory was searchable, not readable, and contained a
   15       readable index file, incorrectly required authentication rather
   16       than redirecting. We think some change in Apache caused this
   17       behavior, as it used to work correctly. In any case, a change
   18       was made to fix the problem.
   20     - A more efficient check for normal vs. proxy authentication was
   21       added. Thanks to James Flemer <jflemer@zoo.uvm.edu> for patch.
   23     - Minor changes to avoid compiler warnings.
   26 3.1 - The sec_login_context_from_pag call was not available under
   27       AIX. According to IBM Technical Support, this call should now be
   28       available with the latest PTF set for AIX DCE. Contact IBM
   29       Technical Support for further details. Thanks to Sue Butala
   30       at Transarc technical support for her help with this issue and
   31       many others.
   33     - It seems that macros with a variable number of arguments are a
   34       gcc extension, and other compilers generate errors processing
   35       them. Those macros have been modified so that warnings will occur
   36       rather than errors when using a compiler other than gcc.
   37       Generating debugging output, which relies on variable-argument
   38       macros, is only supported when using gcc. If you are unable to use
   39       gcc, I suggest you request that your compiler vendor implement
   40       these useful preprocessor extensions.
   42     - Fixed sec_login_context_from_pag typo. Thanks to Titus J. Anderson
   43       <titus.anderson@louisville.edu> for pointing it out.
   45     - Misuse of the apache check_access API stage broke the Satisfy
   46       directive, and possibly other IP access control mechanisms.
   47       Updated API usage to resolve these issues. Thanks to Ken Hagan
   48       <khhaga01@louisville.edu> for reporting this problem.
   50     - The sec_login_inq_pag call seems to return invalid data when the
   51       DFS client is not installed and configured. Added a compile-time
   52       directive to determine whether DFS support is available, and
   53       implemented a replacement mechanism for obtaining the pag when it
   54       is not. Thanks to Joel W. Murphy <jmurphy@cnu.acsu.buffalo.edu>
   55       for reporting this problem.
   58 3.0 - Implemented new shared memory context cache, with the following
   59       new configuration directives: AuthDCECacheBuckets,
   60       AuthDCECacheLifetime, AuthDCECacheMaxIdle, AuthDCECacheGracePeriod,
   61       AuthDCECacheSweepInterval. Caching is only supported on Solaris
   62       in this release.
   64     - Added new directive AuthDCECertifyIdentify.
   66     - Renamed following directives: DCEUser to AuthDCEUser, DCEKeytab to
   67       AuthDCEKeytab, DCEAuthAuthoritative to AuthDCEAuthoritative,
   68       DCEBrowserCreds to AuthDCEImpersonateBrowser, AuthDFS to
   69       AuthDCEDFSAuthorization, DCEIncludePW to AuthDCEIncludePW,
   70       DCEDirectoryIndex to AuthDCEDirectoryIndex.
   72     - Modified server credential support to generate and maintain
   73       credentials in parent process rather than per child process.
   75     - Updated sample httpd.conf to match current Cal Poly Pomona
   76       Intranet configuration.
   78     - Much thanks to Craig Rich for his invaluable assistance
   79       developing this version.
   82 2.5 - Updated logging code to use 1.3 API.
   84     - Updated configuration to utilize 1.3 auto-configure capabilities.
   86     - Updated patch for Apache 1.3.9.
   89 2.2 - Updated module to correctly handle proxy authentication. Thanks to
   90       Thomas R. Stevenson <aa0026@wayne.edu> for pointing out the problem.
   92     - Included the httpd.conf file used in production in the Cal Poly
   93       Pomona Intranet as an example configuration file.
   96 2.1 - Fixed typos in Configuration file for AIX systems. Thanks to
   97       Mike Burns <burns@cac.psu.edu> and Bas van der Vlies <basv@sara.nl>
   98       for pointing out the problems.
  100     - Cast parameter types to match function prototypes for various calls.
  101       Thanks again to Mike and Bas.
  103     - Restore server credentials after serving a request using browser
  104       credentials.  Thanks once more to Mike for catching this oversight.
  107 2.0 - Updated patches for Apache 1.3.3. Note that logging still uses the
  108       older Apache logging API, which results in somewhat confusing logs.
  109       Hopefully the next release will update the logging code.
  111     - Added two new directives, DCEUser and DCEKeytab, that allow the
  112       server to run authenticated as a DCE principal.
  114     - Added a new directive, DCEBrowserCreds, that controls whether or not
  115       the credentials of the authenticated browser are attached to the
  116       server process while satisfying the request.
  118     - Added a new directive, DCEAuthAuthoritative, that controls whether
  119       mod_auth_dce is authoritative or allows other modules to try
  120       authentication when DCE fails.
  122     - Minor changes to internal context caching mechanism. Child processes
  123       now clear their context caches on exit to prevent credential pile-up.
  125     - Group checking now uses default registry handle rather than creating
  126       an explicit binding.
  128     - Removed -I/usr/include/dce from CFLAGS. This directive caused the
  129       wrong assert.h header to be included.
  131     - Modify require line parsing to use ap_getword_white() to match new
  132       behavior of other authentication modules in 1.3.3.
  134     - Removed the README.BUGS file and test subdirectory.
  137 1.5 - Updated for Apache 1.3.x, will no longer work with earlier versions
  138       of Apache. Sorry for the delayed release.
  140     - DCEDirectoryIndex configuration directive must now be placed within
  141       a <Directory></Directory> section to be properly handled by Apache.
  144 1.3 - Added DCEIncludePW configuration directive, which enables passing
  145       browser passwords to CGIs. Previous versions of mod_auth_dce
  146       always passed the browser password to a CGI, which on a machine that
  147       allowed interactive logins could potentially expose browser passwords
  148       to users via the ps command. Thanks to Mark Plaksin
  149       <happy@arches.uga.edu> for pointing out this problem.
  151     - Revised advice about symlink checking. Previously, it was recommended
  152       that symlinks be allowed in general. However, if your web server
  153       publishes user files, a user can use a symlink to potentially read
  154       other users DCE credential files. Therefore, the current
  155       recommendation is to either disable symlinks, or only allow symlinks
  156       if the owner matches.
  158     - Removed patches for Apache 1.1.3, 1.2.0, and Stronghold 1.3.4.
  159       Added patches for Apache 1.2.4 and Apache 1.2.4+ssl_1.9. Versions
  160       of Apache older than 1.2.4 are no longer supported. No version of
  161       Stronghold is currently supported, mainly due to their decision to
  162       incorporate IP address based licensing restrictions and not
  163       distribute full source code without a non-disclosure agreement.
  165     - Added support for credential caching under AIX. Thanks to Klaus
  166       Gottschalk <ox01@saturn.rz.uni-karlsruhe.de> for the implementation
  167       details of afs_syscall under AIX, and to Mark Plaksin for providing
  168       access to an AIX environment to test them.
  171 1.2 - Added support for Apache 1.2.0 and included a patch file for that
  172       version.
  174     - Added ability to use web server configuration for authorization.
  175       Sites without DFS ACLs can now use DCE for authentication, while
  176       relying on require directives for authorization. Added new
  177       configuration directive, AuthDFS, to allow both web server based
  178       and DFS ACL based authorization.
  181 1.0 - Patch for Apache 1.1.3 appeared to be for a nonexistant version 1.3.2,
  182       renamed patch and updated README.PATCHES.
  184     - Added patch for mod_userdir, which was using the r->finfo structure
  185       for a local stat. Added a local stat structure so the module would
  186       not contaminate the request structure, which was having side effects
  187       on mod_auth_dce.
  189     - Added new configuration command, DCEDirectoryIndex, to fix problem
  190       where authentication was being requested for a world-readable index
  191       file in a non-world-readable directory.
  194 0.9 - First publicly released version
  196     - Thanks to Steve Moyer <moyer@transarc.com>, for invaluable technical
  197       support and advice on DFS issues, Doug MacEachern <dougm@osf.org> for
  198       help with context caching implementation, and Craig Rich
  199       <carich@csupomona.edu> for inspiration.