mod_auth_cas was written to specifically target Apache 2.2 and the CAS v2 protocol, although it will also work with Apache 2.0 and the CAS v1 protocol. Much of mod_auth_cas' design was based upon the original mod_cas. I can't speak for mod_cas, but mod_auth_cas is being actively maintained.
I may be a bit biased, but I would recommend mod_auth_cas. -Matt On Fri, 2008-01-11 at 10:00 +0100, Stéphane Gully wrote: > Hello, > > I have to install a CAS authentication module on a Apache reverse > proxy. > I have a small question about the differences between these two > modules : > - mod_auth_cas http://www.ja-sig.org/wiki/display/CASC/mod_auth_cas > - mod_cas http://www.ja-sig.org/wiki/display/CASC/Yale+CAS+client > +distribution > Should I use the first or the second and why ? > > regards, > > On Jan 7, 2008 7:24 PM, Ames, Phillip <[EMAIL PROTECTED]> wrote: > Hello everyone, > > mod_auth_cas-1.0.6 has been released. It is available at: > > > https://www.ja-sig.org/svn/cas-clients/mod_auth_cas/tags/mod_auth_cas-1. > 0.6 > > New in this version, thanks to Matt Smith's hard work, is > compatibility > with Apache on Windows. See the new README.win32 file for > details on > how to compile and use on Windows platforms. > > Also, before you blindly upgrade, please note that certain > default > values have changed. In particular, if you are relying on the > default > values for any of the following parameters: > > CASLoginURL > CASValidateURL > CASProxyValidateURL > CASCookiePath > > Then your installation will not behave as you expect it to. > The > CASCookiePath default is now /dev/null, forcing deployers to > select a > location on their file system. Originally, it was > in /tmp/cas/ but some > distributions purge /tmp/ on reboot (purging this directory) > which > renders mod_auth_cas unable to store information for currently > authenticated users. A popular suggestion is > /var/cache/apache2/mod_auth_cas/ - but be sure that wherever > it goes, it > is only writeable by the web server. Anyone who can write to > this > directory can forge an authenticated session (including > potentially > malicious web scripts that are placed on your server by > users). > > As always, bug reports and feature requests are welcome. > > -Phil > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > > > > -- > Stéphane GULLY > http://www.zeitoun.net > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas -- Matt Smith [EMAIL PROTECTED] University Information Technology Services (UITS) University of Connecticut PGP Key ID: 0xE9C5244E
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
