WebAuth 3.7.1 Announcement
The ITS WebAuth team is pleased to announce Stanford WebAuth 3.7.1. This release changes the WebLogin password change behavior to reprompt for the old password on all password change screens by default, with a configuration option to change it. It also fixes a bug in the default lifetime of single sign-on cookies and should fix build problems on Red Hat.
For documentation and downloads of WebAuth 3.7.1, see:
New Debian packages have been uploaded to Debian unstable, and updated versions will be uploaded to backports.org once WebAuth 3.7.1 migrates to Debian testing.
New Red Hat packages will be coming soon.
The user-visible changes in this release are:
Add new WebLogin configuration parameter $EXPIRING_PW_RESEND_PASSWORD. If set, a user who is changing their password due to either an expired password or by following the prompt to change a password that's expiring soon is required to re-enter their current password on the same screen as the new password, even if they had just authenticated with the old password. This may be required by site security policy and is enabled by default.
Improve error reporting in WebLogin when password change fails.
Make mod_webkdc behavior match the documentation by changing the default WebKdcProxyTokenLifetime to be the lifetime of the underlying Kerberos credential. Previously, the default was ten hours.
When probing for Apache module build flags, call apr-config --includes and add it to the preprocessor flags. Fixes build failures on Red Hat Enterprise Linux 4 and 5.