The cosign development team is pleased to announce the availability of cosign 3.1.0rc3, a release candidate for 3.1.0.
Cosign 3.1.0rc3 adds a capability list to the cosignd banner and capability parsing to the filters. Cosign 3.1.0 itself adds cookie rekeying during initial validation of a service cookie; support for limiting redirections after logout; setting ticket lifetimes; and a number of features and fixes, listed below. * Download <https://sourceforge.net/projects/cosign/files/cosign-dev/cosign-3.1.0rc3/cosign-3.1.0rc3.tar.gz/download> * Checksums SHA256(cosign-3.1.0rc3.tar.gz)= 35e36b72b1149ef7fd369eaa40f5e40c259db1d0914ba63f1c9a6775a305e711 RIPEMD160(cosign-3.1.0rc2.tar.gz)= 91fe1b1ed32038f468f10b5bcc2159ba47585b5a SHA1(cosign-3.1.0rc2.tar.gz)= 908da7a07b1f0c8ef160ff8662668fe64d7a8cfc * Rekeying Cosign 3.1.0rc3 rekeys the service cookie generated by the cgi during the validation of the cookie and service URL. After generating and registering a new service cookie, the cosign.cgi redirects the browser to the service's validation URL, e.g.: https://service.example.edu/cosign/valid?cosign-service=<cookie>&https://service.example.edu/ The cosign filter checks the service cookie with the weblogin server, and also instructs it to rekey the cookie if the check succeeds. If the check succeeds, the weblogin server generates a new service cookie and renames the original to the new value, returning the new cookie, along with user information, to the filter. The filter then sets this new cookie in the user's browser. NOTE: cosignd must be upgraded to 3.1.0rc3 before rekeying will work. * Logout redirection Cosign 3.1.0rc3 adds the cosignlogoutregex option to cosign.conf for the logout cgi. This option can be used by the weblogin administrators to limit what URLs the logout cgi considers safe for redirection after a user logs out. The value can be set at configuration time (--with-cosignlogoutregex='regex') or in cosign.conf (cosignlogoutregex https?://.*). * Git tag signing I've tagged cosign-3.1.0rc3 in the git repository and signed the tag with GPG. You may verify the tag with the public key for [email protected], available on pgp.mit.edu and keyserver.pgp.com. Please report bugs on the SF.net tracker. Thanks for your support of cosign. andrew -- Changes since 3.1.0rc2: * daemon: add banner capability list to work around hardcoded protocol version. * filters: add capability list parsing. * filters: add REKEY command. Replaces "CHECK <cookie> rekey" in older RCs. * build: Make LIBS environment available to apxs for compiling. * lighttpd filter: fix size checks when copying into sinfo struct. Changes since 3.0.2: * all: Cookie rekeying in apache and lighttpd filters. * cgi: catch NULL return value from snet_getline_multi when storing krb tickets. * cgi: add cosignprincipal config option. Based on a patch from matt at linuxbox dot com. * cgi: add cosignstoretickets and cosignticketlifetime config options. * cgi: add cosignlogoutregex config option. * common: fix: --enable-mysql's optional path argument was ignored. Based on a patch from jorj at isc dot upenn dot edu. * common: Adopt autoheader conventions in build. * common: Handle NetBSD's krb5 pathing in configure script. Report from nmadura at umich dot edu. * filters: [Patch 2801877]: Support multi-cert PEMs. Patch from fedora dot dm0 at gmail dot com. * filters: IP checking now defaults to "never". * filters: [Request 2748342]: Allow CosignService value to start with "cosign-". * filters: fix length passed to strncasecmp when checking cookie prefix in filters. * filters: fix regression in return value check for ap_pregcomp. Report from jorj at isc dot upenn dot edu. * Additional build modifications to clean up git detritus. ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Cosign-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/cosign-discuss
