1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
|
v0.13 (2018-10-15)
------------------
- Add compatibility with OpenSSL 1.1 API (Contributed by Vulpeculus)
v0.12 (2018-03-15)
------------------
- Add TKTAuthRequireMultifactor and TKTAuthMultifactorURL.
These can be used to protect certain Directory/Location directives
with an additional login factor to achieve multifactor. Like the original
login, the multifactor method is left up to the ticket generation
application, only requiring an attestation that multifactor has been
supplied. (Contributed by Nick Ramser)
v0.11 (2017-02-28)
------------------
- Fixes selection of digest algorithm when using TKTAuthDigest.
v0.10 (2016-12-16)
------------------
- New option TKTAuthDigest allowing selection of the digest algorithm.
If not configured, the old defaults of SHA1 (for RSA privkey) and DSS1
(for DSA privkey) will be used. SHA224, SHA256, SHA384, and SHA512 are
the additional valid algorithm values. (Contributed by Jake Buchholz)
v0.9 (09/07/2015)
-----------------
- New option TKTAuthHeader allowing custom header(s) to be used instead
of a just a Cookie.
v0.8 (06/28/2012)
-----------------
- new option TKTAuthPassthruBasicAuth and corresponding field in ticket
("bauth") makes it possible to specify the Basic authorization
username/password in the ticket (e.g. when reverse proxying to a
third party system that cannot use mod_auth_pubtkt).
The credentials can optionally be encrypted in the ticket (AES-128-CBC).
v0.7 (06/04/2012)
-----------------
- TKTAuthPublicKey can now be set per directory/location (it is
still possible to set a global default key, so existing configurations
do not need to be changed)
(contributed by Ivo De Decker).
- TKTAuthLoginURL is now optional; if not provided, users without
a valid ticket will simply get an HTTP forbidden error
(contributed by Ivo De Decker).
- Added Perl ticket generation module
(contributed by Assaf Gordon).
- Module now compiles with Apache 2.4.
- Added TKTAuthBadIPURL option
(contributed by John Wittkoski).
- Increased max. UID length to 64 (from 32); can be changed by
modifying MAX_UID_SIZE.
v0.6a (02/23/2010)
------------------
- Fixed XSS vulnerability in example php-login/login.php.
(reported by Thomas Hug).
v0.6 (09/12/2009)
-----------------
- Fixed inheritance of TKTAuthCookieName and TKTAuthBackArgName
configuration directives
(reported by Iaroslav Vassiliev).
- Improved compatibility with HTTP 1.0 (redirect)
(contributed by Frederic Planchon <frederic@planchon.org>).
v0.5 (01/22/2009)
-----------------
- Fixed parsing of cookies with escaped spaces ('+')
(reported by Iaroslav Vassiliev).
- Fixed errors in login.php example.
v0.4 (01/18/2009)
-----------------
- Replaced TKTAuthGracePeriod directive by graceperiod key in ticket
(contributed by Frederic Planchon <frederic@planchon.org>).
- Updated example PHP login page to support ticket refreshing/grace periods
(contributed by Frederic Planchon <frederic@planchon.org>).
v0.3 (01/13/2009)
-----------------
- Added TKTAuthFakeBasicAuth option (when enabled, adds an Authorization
header to prevent problems with username logging for requests that are
handled by PHP), contributed by Frederic Planchon <frederic@planchon.org>.
- Added support for ticket refreshing (TKTAuthRefreshURL and
TKTAuthGracePeriod configuration directives), contributed by
Frederic Planchon <frederic@planchon.org>.
v0.2 (02/03/2008)
-----------------
- Initial public release.
|
