Hello everyone, mod_auth_cas-1.0.6 has been released. It is available at:
https://www.ja-sig.org/svn/cas-clients/mod_auth_cas/tags/mod_auth_cas-1. 0.6 New in this version, thanks to Matt Smith's hard work, is compatibility with Apache on Windows. See the new README.win32 file for details on how to compile and use on Windows platforms. Also, before you blindly upgrade, please note that certain default values have changed. In particular, if you are relying on the default values for any of the following parameters: CASLoginURL CASValidateURL CASProxyValidateURL CASCookiePath Then your installation will not behave as you expect it to. The CASCookiePath default is now /dev/null, forcing deployers to select a location on their file system. Originally, it was in /tmp/cas/ but some distributions purge /tmp/ on reboot (purging this directory) which renders mod_auth_cas unable to store information for currently authenticated users. A popular suggestion is /var/cache/apache2/mod_auth_cas/ - but be sure that wherever it goes, it is only writeable by the web server. Anyone who can write to this directory can forge an authenticated session (including potentially malicious web scripts that are placed on your server by users). As always, bug reports and feature requests are welcome. -Phil _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
